Yan is an experienced engineer who has worked with AWS for nearly 10 years. He has been an architect and lead developer with a variety of industries ranging from investment banks, e-commerce to mobile gaming.
In the last 3 years he has worked extensively with AWS Lambda in production, and he has been very active in sharing his experiences and the lessons learnt, some of his work has even made their way into the Well-Architected whitepaper published by AWS.
A polyglot in both spoken and programming languages, he is fluent in both English and Mandarin, and count C#, F#, Scala, Node.js and Erlang amongst programming languages that he has worked with professionally. Although he enjoys learning different programming languages and paradigms, he still holds F# as his undisputed favourite and co-authored F# Deep Dives
In his spare time, he keeps a well known and active blog at theburningmonk.com.
AWS Lambda has changed the way we deploy and run software, but the serverless paradigm has created new challenges to old problems: How do you test a cloud-hosted function locally? How do you monitor them? What about logging and config management? And how do we start migrating from existing architectures?
Yan Cui shares solutions to these challenges, drawing on his experience running Lambda in production and migrating from an existing monolithic architecture.
AWS has taken over the responsibilities of patching the OS and securing the underlying physical infrastructure that runs your serverless application, so what’s left for you to secure? Quite a bit it turns out.
The OWASP top 10 is as relevant to you as ever; DOS attacks are still a threat even if you can probably brute force your way through it as AWS auto-scales Lambda functions automatically; and did you know attackers can easily steal your AWS credentials via your application dependencies?
In addition to the traditional threats, serverless applications have more granular deployment units and therefore there are more things to configure and secure, and the tools and practices are still catching up with this fast changing world.
Join Yan in this talk to learn more about the security threats that will affect your serverless application and some leading practices that help you combat these threats.