Serverless Security Risks

When adopting a serverless application paradigm, organizations need to embrace a new view of serverless security and its risks. Some key shifts occur, including: Vectors and Protocols: Unlike traditional cloud applications, where code is predominantly triggered by client requests coming over HTTP/S, serverless diversifies the ways applications can be triggered. Attacks: Serverless applications, such […]

Securing Serverless Apps – 6 Things You’re Probably Doing Wrong

Securing your serverless app can feel overwhelming. Do you ever have that sinking feeling in the pit of your stomach, worrying that you’ve forgotten something? The agonizing fear that you’ve left the stove on and will burn down your home? If you’re deploying serverless applications, you may be experiencing that twisting apprehension with regards to […]

9 Serverless Security Best Practices

In some ways, serverless application architectures improve security. However, threats to your apps will persist. They just won’t look and act the same way. In this blog, we’ll outline 9 serverless security best practices you need to adopt as part of this paradigm shift.

Is AWS Lambda the Most Secure Application Platform? Probably.

We talk a lot about the need for a different security paradigm for AWS Lambda security, and it’s easy for these messages to get conflated with messages like “this thing isn’t secure.” While it’s sort of early days for serverless, there are a few good reasons to believe that security teams should be pushing their […]

A Deep Dive Into Serverless Attacks. SLS-6: Security Misconfiguration

In traditional applications, security misconfiguration can happen at any level of an application stack, including network services, platform, web server, application server, database, frameworks, custom code, and preinstalled virtual machines, containers, or storage. Luckily, almost none of that has anything to do with serverless. The network services, platform, database, frameworks, VMs, all of that belongs […]

AWS Lambda Security Best Practices

Moving to serverless, including AWS Lambda, makes security both easier and harder, as I outlined in our Serverless Security Scorecard. In deploying serverless apps, you cede control over most of the stack to your cloud provider, for better and for worse. You no longer own OS hardening, admin rights, SSH, and segmentation. The exception where […]

Cloud Native Application Security Starts with Identity Management

This article about cloud native security by Protego Labs CTO and co-founder Hillel Solow was originally published in The New Stack. I had something of an epiphany recently about how to look at permissions and roles in serverless applications. Maybe to some of you, this won’t be as “Soylent Green is People” as it was […]

A Deep Dive into Serverless Attacks, SLS-3: Sensitive Data Disclosure

Great news! The OWASP Serverless Top 10 first release is out! And so, we continue with this blog post series, taking you through a journey to the new, unruled land of serverless security, where a sheriff (your security controls) cannot be deployed, and both hackers and developers struggle to understand how they should act. First, I […]

PODCAST: The View from Different Angles – AWS Serverless Monitoring

For this episode, Hillel and Tal from Protego were joined by Alex Glikson, Cloud Guru at Carnegie Mellon University. Alex stated, “I have been working on virtualization and cloud infrastructure topics for the last 15 years or so, even before it was called ‘cloud.’ We had the prototype of a bare-metal cloud roughly 15 to […]

7 Tools That Ease Serverless Security Adoption, and Companies to Watch in 2019

We are pleased to be included in the SD Times list of Companies to Watch in 2019. WHAT DO THEY DO: Serverless security adoption. WHY WE’RE WATCHING: Serverless security technology is a huge trend expected to grow even larger next year. As businesses begin to make this transition and adopt this technology, it means […]