Serverless security modeling in Firebase

Using secure design principles as our guide, we cover the default security of Firebase services and what developers need to do to configure and secure their applications. Walking through a simple serverless application built with Firebase backend products, we discuss different security threats, from malicious actors to user error. As we go, we build a checklist that you can use to audit your own app's security and protect yourself and your users. 00:00 Intro 02:39 Open source SDKs 03:35 DOS protection 06:39 API key management 08:11 Security Rules 12:23 Firebase Authentication 14:54 Anonymous Authentication 16:12 Limiting Team Access 17:27 Open source dependencies 18:58 Function Safety 20:34 Wrap up Resources: Pre-defined Firebase IAM roles: https://goo.gle/340cGPQ Attributes of Auth Tokens: https://goo.gle/2H25pGb Setting up Custom Auth with Okta: https://goo.gle/33VMbL6 Snyk: https://snyk.io/ and their NPM module: https://goo.gle/351N58a Cloud functions configuration options: https://goo.gle/2GRZPXc New features in Firebase Security Rules: https://goo.gle/2SQPE7A Upgrading to GCIP for MFA: https://goo.gle/3jZUWtk Authentication Limits: https://goo.gle/2TwDWPE Debug JWTs with https://jwt.io/ Firebase Security Checklist: https://goo.gle/3lQBekl Codelab: Local development with the Firebase Emulator Suite: https://goo.gle/2TsOzTK How to set up CI using the Firebase Emulator Suite: https://goo.gle/3otcnVJ Firebase Authentication: from fully managed to fully customizable: https://goo.gle/3kJpjEV How to turn on Billing and still sleep at night: https://goo.gle/2HEjYQC Speakers: Jon Skrip, Rachel Myers Watch more: Firebase Summit 2020 playlist → http://goo.gle/firebasesummit2020 Subscribe to the Firebase channel → https://goo.gle/Firebase #FirebaseSummit event: Firebase Summit 2020; re_ty: Publish; product: Firebase - General; fullname: Jon Skrip, Rachel Myers;