Serverless Security Risks

When adopting a serverless application paradigm, organizations need to embrace a new view of serverless security and its risks. Some key shifts occur, including: Vectors and Protocols: Unlike traditional cloud applications, where code is predominantly triggered by client requests coming over HTTP/S, serverless diversifies the ways applications can be triggered. Attacks: Serverless applications, such […]

A Deep Dive Into Serverless Attacks. SLS-6: Security Misconfiguration

In traditional applications, security misconfiguration can happen at any level of an application stack, including network services, platform, web server, application server, database, frameworks, custom code, and preinstalled virtual machines, containers, or storage. Luckily, almost none of that has anything to do with serverless. The network services, platform, database, frameworks, VMs: all of that belongs […]

Cloud Native Application Security Starts with Identity Management

This article about cloud native security by Protego Labs CTO and co-founder Hillel Solow was originally published in The New Stack. I had something of an epiphany recently about how to look at permissions and roles in serverless applications. Maybe to some of you, this won’t be as “Soylent Green is People” as it was […]

A Deep Dive into Serverless Attacks, SLS-3: Sensitive Data Disclosure

Great news! The OWASP Serverless Top 10 first release is out! And so, we continue with this blog post series, taking you on a journey through the new, unruled land of serverless security, where a sheriff (your security controls) cannot be deployed, and both hackers and developers struggle to understand how they should act. First, I […]

Here Come Botnets – Serverless Botnets Security

Serverless computing continues to grow as cloud consumers expand their use of technologies like AWS Lambda and Google Cloud Functions. Serverless functions are ephemeral by nature, which not only creates a paradigm shift in application architecture but also strengthens application security. And what about serverless botnets security? It’s tempting to imagine that this […]