Serverless technology is used by more and more organizations that have moved to the cloud because it enables them to concentrate on their business without the need to provision servers or have predefined budgets. This frees up developers to concentrate on building logic and producing value quickly. But even without provisioning servers, cloud functions still execute code.

Serverless code contains a mixture of cloud configurations and application programming interfaces (API) calls As a result, legacy solutions lack the context that is necessary in a serverless environment, and the consequence is a lack of observability and slower response times. How can developers ensure that their code is secure enough? In many organizations, the application security team struggles to keep up with the speed of development in a serverless environment.

In this talk, we will shed light on common risks in serverless environments and how we can fill the security gaps, in the speed of DevSecOps.