SANS Cyber Defense Initiative: Workshop - Attacking and Defending Serverless Applications

  • Wednesday, 14 Dec 2022 7:15PM EST (15 Dec 2022 00:15 UTC)
  • Speaker: Shaun McCullough

You have been tasked to perform security testing of a development application named evidence-app which is used by the Sherlock team to collect, store, and hash evidence data - before the application is deployed into production. To do this, you will set up a temporary deployment of this application in your own AWS account, perform a series of attacks against the application to determine any weaknesses, and then ensure that, if weaknesses are found, ample logging is in place to detect the malice.

Throughout the workshop, you will learn about some common attack techniques targeting a cloud-based application, how to ensure that logging is in place to detect these types of activities, and how to analyze the log data to discover the attack. This workshop contains components of several SANS Cloud Curriculum courses: SEC488, SEC541, SEC588 to help you on your journey to becoming a more well-rounded SANS Cloud Ace.


  • An AWS account with root or Administrator Access permissions

System Requirements:

  • Google Chrome web browser
  • Access to * over 443/tcp

SANS welcomes our Asia Pacific delegates to join this event. 

Please note the following date and times by region:

Thursday, 15 Dec 2022:

5:45 a.m. UTC+5:30 (India)

7:15 a.m. UTC+7:00 (Indonesia / Thailand / Vietnam)

8:15 a.m. UTC+8:00 (Singapore / Philippines)

9:15 a.m. UTC+9:00 (Japan / Korea)

11:15 a.m. UTC+11:00 (Australia Eastern Daylight Time)

1:15 p.m. UTC+13:00 (New Zealand)