Securing Serverless Apps – 6 Things You’re Probably Doing Wrong

Securing your serverless app can feel overwhelming. Do you ever have that sinking feeling in the pit of your stomach, worrying that you’ve forgotten something? The agonizing fear that you’ve left the stove on and will burn down your home? If you’re deploying serverless applications, you may be experiencing that twisting apprehension with regard to […]

Is AWS Lambda the Most Secure Application Platform? Probably.

We talk a lot about the need for a different security paradigm for AWS Lambda security, and it’s easy for these messages to get conflated with messages like “this thing isn’t secure.” While it’s sort of early days for serverless, there are a few good reasons to believe that security teams should be pushing their […]

A Deep Dive into Serverless Attacks, SLS-2: Broken Authentication

Thanks for joining me for the second post in the series, the OWASP Serverless Top 10 Broken Authentication. In the previous post I discussed what might be the most concerning attack under every platform – injections. The post demonstrated the changes in attack surface when moving from a perimeter-based entry point in traditional monolithic applications […]