JS.weekly() => #50: Rebuilding Slack with React
AWS serverless and serverless security.
A story of how Slack spent two years rewriting its desktop app in React.
A brief overview of the typical services you use in a serverless architecture on AWS.
Going serverless requires you to:
- “Worry about scaling the neutral risks. This involves being more granular and less permissive in your policies and perimeters, encrypting certain data, analyzing functions’ data access, and using testing and tools to find and fix vulnerabilities.
- Focus on the security risks that have become worse. This involves taking care in how you work with third-party services, performing independent security testing of functions, limiting functionality, considering library models, monitoring both functions and flows, reducing permissions, and reducing and tracking deployments of functions.
- Research and invest in serverless security scanners and testing services that fit your needs. This is a space that’s evolving by the second. New products come out regularly, but many of them are still new and somewhat unproven. Do your research and invest wisely.”