Protego has a new open source tool to provide serverless security training - Technical.ly Baltimore


Jan. 8, 2019 1:12 pm


With Damn Vulnerable Serverless Application, the company is providing a place to learn about potential vulnerabilities. Head of Security Research Tal Melamed said providing hands-on learning is key to education.

Protego wants to bring security to serverless environments.

(Photo by Flickr user Yuri Samoilov, used under a Creative Commons license)

Baltimore startup Protego is looking to provide security for serverless computing. It’s a new field, and so there’s some education involved.

As CEO Tsion Gonen has told Technical.ly, the company sees lots of promise in the technology, which proponents say allows developers to focus on building code without worrying about certain overhead considerations. The form of cloud computing doesn’t eliminate servers altogether, but takes the requirement to maintain servers out of the equation and allows applications to be scaled automatically.

But as with many technologies, there are potential security vulnerabilities. Plenty of users understand this, but the vulnerabilities in the fledgling area aren’t all fully understood.

“We’ve been asked by many of our customers and by security professionals if there’s a way to test their security and security understanding,” said Protego Labs Head of Security Research Tal Melamed. “Many companies did the transformation to serverless, and the security conversation was there. But, there was no actual way to apply the knowledge and skill and really test it.”

To allow for that learning, Protego created an open source tool. DVSA, or Damn Vulnerable Serverless Application, provides an interface that shows the most common serverless vulnerabilities. The company also donated the tool to OWASP, the Open Web Application Security Project.

The idea is to allow organizations and devs to train in securing serverless environments, and to provide security professionals a place to test their skills and tools. The testing application includes cloud resources, as well as a back-end with a variety of functions and a front-end with authentication and email interaction with users. Within the environment, it allows practitioners to attempt attacks.

“They can first hack, and then the important part is to fix the code, make the app more secure, and check that the exploit doesn’t work anymore,” said Melamed. “I’ve been training both ethical hackers and developers for years and this is the best, and maybe the only, way to really learn about security implications.”


Along with helping developers understand the processes behind serverless security, Melamed also sees it as a tool for students and teachers.

“I hope that by making it open source it could grow and maybe even help discover new security vulnerabilities that we haven’t thought of before,” Melamed said.

It’s not the first open source project from the startup. Last year, Protego Labs also provided a tool called the OWASP Serverless Top 10, which provided a look at the most common server vulnerabilities.
