Serverless applications are a hot topic today. By now, many are well versed in the benefits and uses for serverless, but there remain many misconceptions about serverless security. Serverless applications bring with them numerous benefits, they also change the way that you think about building applications by changing up the way that data and customer requests move in and around them. As developers adopt fully managed services, the shared responsibility model between developers and cloud providers changes, and we argue that it changes for the better. In this session we’ll cover how to think about security end to end of your serverless applications, from your code to the AWS services such as Amazon API Gateway and Amazon S3. We’ll talk about the importance of automated governance and how to best to organize your own processes for security first development.