23 September 2019

6 Things You’re Probably Doing Wrong Securing Serverless Apps

Do you ever have that sinking feeling in the pit of your stomach, worrying that you’ve forgotten something? […]
17 July 2019

A Deep Dive Into Serverless Attacks. SLS-6: Security Misconfiguration

In traditional applications, security misconfiguration can happen at any level of an application stack, including network services, platform, […]
7 May 2019

A Deep Dive into Serverless Attacks, SLS-5: Broken Access Control in Serverless Deployments

Maintaining good access control in traditional apps is one of the hardest tasks. It involves both code and configuration, at both the application and the infrastructure level. With the right serverless security tools, you will be able to enforce least-privilege permissions for code, without depending on the developer to know how to do that.
8 March 2019

A Deep Dive into Serverless Attacks, SLS-4: XML External Entity (XXE) Attacks

Let me first apologize for the long absence. However, I haven’t been idle. I’ve been working hard to […]
21 February 2019

Cloud Native Security: What it Means

Cloud-native applications are applications that have been built purposely to be deployed and operated in a cloud environment. […]
8 January 2019

Level Up on Security with the New Damn Vulnerable Serverless App

Welcome to 2019. The year we will all understand that serverless is not a fleeting trend, but is […]
28 November 2018

A Deep Dive into Serverless Attacks, SLS-3: Sensitive Data Disclosure

Great news! The OWASP Serverless Top 10 first release is out! And so, we continue with this blog […]
1 November 2018

A Deep Dive into Serverless Attacks, SLS-2: Broken Authentication

Thanks for joining me for the second post in the series. In the previous post I discussed what […]
7 October 2018

A Deep Dive into Serverless Attacks, SLS-1: Event Injection

The OWASP Serverless Top 10 project was just launched. It aims at educating practitioners and organizations about the […]