Serverless Security Risks

When adopting a serverless application paradigm, organizations need to embrace a new view of serverless security and its risks. Some key shifts occur, including: Vectors and Protocols: Unlike traditional cloud applications, where code is predominantly triggered by client requests coming over HTTP/S, serverless diversifies the ways applications can be triggered. Attacks: Serverless applications, such […]

A Deep Dive Into Serverless Attacks. SLS-6: Security Misconfiguration

In traditional applications, security misconfiguration can happen at any level of an application stack, including network services, platform, web server, application server, database, frameworks, custom code, and preinstalled virtual machines, containers, or storage. Luckily, almost none of that has anything to do with serverless. The network services, platform, database, frameworks, VMs: all of that belongs […]

A Deep Dive into Serverless Attacks, SLS-3: Sensitive Data Disclosure

Great news! The OWASP Serverless Top 10 first release is out! And so, we continue with this blog post series, taking you on a journey to the new, unruled land of serverless security, where a sheriff (your security controls) cannot be deployed, and both hackers and developers struggle to understand how they should act. First, I […]

PODCAST: The View from Different Angles – AWS Serverless Monitoring

For this episode, Hillel and Tal from Protego were joined by Alex Glikson, Cloud Guru at Carnegie Mellon University. Alex stated, “I have been working on virtualization and cloud infrastructure topics for the last 15 years or so, even before it was called ‘cloud.’ We had the prototype of a bare-metal cloud roughly 15 to […]

A Deep Dive into Serverless Attacks, SLS-2: Broken Authentication

Thanks for joining me for the second post in the series, the OWASP Serverless Top 10: Broken Authentication. In the previous post I discussed what might be the most concerning attack on every platform – injections. The post demonstrated the changes in attack surface when moving from a perimeter-based entry point in traditional monolithic applications […]