Kraken in the Clouds: A Hands-On FaaS Defense Workshop
While serverless abstracts the underlying infrastructure, it doesn’t reduce responsibility. In highly dynamic, event-driven cloud environments, security teams face fast-moving threats that traditional models weren’t designed to handle. Misconfigurations, fuzzy trust boundaries, and insecure integrations create new attack surfaces, including vulnerable libraries, leaky secrets, wildcard IAM roles, and misconfigured triggers.
In this immersive 2-hour workshop, participants will build a cloud lab using serverless components to design and secure an end-to-end AI pipeline with LynxLab. Teams will tackle gamified, challenge-based scenarios, identifying vulnerabilities in each Git branch, mapping them to STRIDE and OWASP serverless categories, and exploring real-world attack paths.
This session emphasizes practical skills over theory. Attendees will learn how ephemeral execution, event-driven chains, and implicit trust boundaries can be exploited, and leave with actionable patterns, checklists, and defensive strategies to secure modern serverless applications without slowing delivery.
## Module 1 | Building Your Home Cloud Lab (LynxLab Setup): 40 mins
Objective: Equip participants with a fully functional cloud-based environment to safely explore serverless attacks and defenses.
Topics Covered:
- Quick primer: why serverless ≠ “less responsibility”
- Overview of LynxLab architecture (serverless components, event triggers, IAM wiring)
- Guided installation and configuration
Hands-On Deliverables:
- Fully deployed personal cloud lab
## Module 2 | Gamified Challenges - Hunt the Vulnerability in LynxLab: 30 mins
Objective: Engage teams in interactive, challenge-based discovery of common serverless weaknesses.
Format: Participants are split into teams. Each Git branch represents a distinct misconfiguration or vulnerability pattern. Teams must identify, validate, and document the issue.
Gamification: Points are awarded for each vulnerability identified, and a real-time dashboard displays every team's score.
Hands-On Deliverables:
- Documented findings per challenge
## Module 3 | Deep Dive - Attack & Defense Breakdown (STRIDE + OWASP Serverless Top 10): 30 mins
Objective: Walk through each challenge in detail, explaining real-world exploitation paths and corresponding defensive strategies.
Discussion Framework:
Each challenge is analyzed through:
- Tactics, Techniques, Procedures (TTPs) used by adversaries
- STRIDE categories (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege)
- Relevant OWASP Top 10 categories (e.g., Serverless A6: Function Permission Misuse, A3: Event Injection)
Deep-Dive Examples:
- Privilege escalation via wildcard IAM → Elevation of Privilege / STRIDE
- Secret leakage in environment variables → Information Disclosure
- Insecure event trigger chaining → Event Injection / Tampering
Defense Patterns:
- IAM least privilege scaffolding
- Event schema validation
- Secret rotation & parameter store usage
- Secure dependency management practices
Hands-On Deliverables:
- Completed attack/defense matrix
- Security controls mapped to each misconfiguration
- Templates and best-practice patterns to reapply at work
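Two of the defense patterns listed above, IAM least-privilege scaffolding and event schema validation, as an added example that is not part of the workshop material or LynxLab itself. The policy documents, the event schema, the `handler` function and the sample events are all constructed for illustration; the account ID and bucket names are placeholders.

```python
"""Defense patterns from the module above, as a stand-alone demo:
(1) a pre-deployment linter that flags wildcard IAM statements, the
    root cause of the "privilege escalation via wildcard IAM" path;
(2) schema validation at the function boundary so a malformed or
    injected event is rejected instead of being forwarded down the
    trigger chain.
Everything below (policies, schema, events) is constructed sample data."""
import json
import re
from typing import Any

# --- (1) IAM least-privilege check -------------------------------------
def find_wildcard_statements(policy: dict) -> list[str]:
    """Return one finding per Allow statement whose Action is '*' or a
    service-wide 'svc:*', or whose Resource is '*'. Deny statements are
    skipped: a wildcard Deny narrows access rather than widening it.
    The resource check is deliberately narrow; a scoped ARN ending in
    ':*' (e.g. a log group's streams) is normal and not flagged."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        for a in actions:
            if a == "*" or a.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {a!r}")
        for r in resources:
            if r == "*":
                findings.append(f"statement {i}: wildcard resource {r!r}")
    return findings

# Constructed: the kind of role a careless template hands a function.
WILDCARD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/lambda/ingest:*"},
    ],
}
# Constructed: the same function scoped to what it actually needs.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-uploads-bucket/*"},
        {"Effect": "Allow",
         "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/lambda/ingest:*"},
    ],
}

# --- (2) Event schema validation ---------------------------------------
# field -> (required Python type, optional compiled pattern for str fields)
EVENT_SCHEMA = {
    "order_id": (str, re.compile(r"^[A-Za-z0-9-]{1,64}$")),
    "quantity": (int, None),
    # Only callbacks under our own domain are accepted (hypothetical domain).
    "notify_url": (str, re.compile(r"^https://[a-z0-9.-]+\.example\.com(/.*)?$")),
}

def validate_event(event: Any, schema: dict = EVENT_SCHEMA) -> list[str]:
    """Return a list of violations; an empty list means the event is accepted.
    Unknown fields are rejected too (allow-list, not deny-list)."""
    if not isinstance(event, dict):
        return ["event is not a JSON object"]
    errors = [f"unexpected field {k!r}" for k in sorted(set(event) - set(schema))]
    for key, (typ, pattern) in schema.items():
        if key not in event:
            errors.append(f"missing field {key!r}")
            continue
        value = event[key]
        # bool is a subclass of int in Python; don't let True pass as a quantity
        if not isinstance(value, typ) or isinstance(value, bool):
            errors.append(f"field {key!r} must be {typ.__name__}")
            continue
        if pattern is not None and not pattern.match(value):
            errors.append(f"field {key!r} does not match the allowed format")
    return errors

def handler(event: Any, context: Any = None) -> dict:
    """Function entry point: reject bad input here, before any downstream
    trigger (queue, bucket, second function) ever sees it."""
    errors = validate_event(event)
    if errors:
        return {"statusCode": 400, "body": json.dumps({"errors": errors})}
    # ... real processing would continue here with a trusted event ...
    return {"statusCode": 200, "body": json.dumps({"accepted": event["order_id"]})}

# Constructed sample events.
GOOD_EVENT = {"order_id": "ORD-1001", "quantity": 2,
              "notify_url": "https://hooks.example.com/order"}
BAD_EVENT = {"order_id": "ORD-1001; DROP", "quantity": True,
             "notify_url": "http://attacker-controlled.test/", "extra": 1}

if __name__ == "__main__":
    print("wildcard policy:", find_wildcard_statements(WILDCARD_POLICY))
    print("least-privilege policy:", find_wildcard_statements(LEAST_PRIVILEGE_POLICY))
    print("good event:", handler(GOOD_EVENT))
    print("bad event:", handler(BAD_EVENT))
```

The linter is the kind of check that belongs in CI on the `Statement` blocks of every function role before deployment; the validator is the kind of gate that belongs at the top of every handler that sits in an event chain, since a downstream function cannot tell whether its trigger was fired by a trusted producer or by whatever reached the upstream one.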
## Module 4 | Key Takeaways & Ship to Monday Insights: 20 mins
Objective: Synthesize lessons learned into actionable guidance for practitioners, architects, and leaders.
Topics:
- How serverless risks fundamentally differ from traditional application models
- Why ephemeral compute = persistent security concerns
- Understanding invisible trust boundaries and event-driven exploit chains
- Common pitfalls executives and architects overlook
- Operationalizing secure serverless pipelines without slowing delivery
Takeaway Materials:
- Serverless attack/defense cheat sheet
- STRIDE + OWASP serverless mapping guide
- Secure serverless deployment checklist
Shivam Dhar
Vice President - Lead Security Engineer @JPMorganChase
Plano, Texas, United States