28 October 2019

What Is Cloud Native Security

23 September 2019

Securing Serverless Apps – 6 Things You’re Probably Doing Wrong

Securing your serverless app can feel overwhelming. Do you ever have that sinking feeling in the pit of […]
17 July 2019

A Deep Dive Into Serverless Attacks. SLS-6: Security Misconfiguration

In traditional applications, security misconfiguration can happen at any level of an application stack, including network services, platform, […]
7 May 2019

A Deep Dive into Serverless Attacks, SLS-5: Broken Access Control in Serverless Deployments

Maintaining good access control in traditional apps is one of the hardest tasks. It involves both code and configuration, at both the application and the infrastructure level. With the right serverless security tools, you will be able to enforce least-privilege permissions for code, without depending on the developer to know how to do that.
8 March 2019

A Deep Dive into Serverless Attacks, SLS-4: XML External Entity (XXE) Attacks

Let me first apologize for the long absence. However, I haven’t been idle. I’ve been working hard to […]
8 January 2019

Vulnerable Serverless App – Level Up on Security

Welcome to 2019. The year we will all understand that serverless is not a fleeting trend, but is […]
28 November 2018

A Deep Dive into Serverless Attacks, SLS-3: Sensitive Data Disclosure

Great news! The OWASP Serverless Top 10 first release is out! And so, we continue with this blog […]
1 November 2018

A Deep Dive into Serverless Attacks, SLS-2: Broken Authentication

Thanks for joining me for the second post in the series, the OWASP Serverless Top 10 Broken Authentication. […]
7 October 2018

A Deep Dive into OWASP TOP TEN – Serverless Attacks, SLS-1: Event Injection

The OWASP Serverless top ten project was just launched. It aims at educating practitioners and organizations about the […]