AWS Lambda Security: Taming Your Open Source Dependencies With FunctionShield

According to a recent survey of 16,000 developers by Npm inc., 77% of the respondents were concerned with the security of open source software packages ...
Talking Serverless And AWS Lambda Security With Jeff Forristal

Introduction: In my previous blog interview with Jeremiah Grossman, I mentioned that throughout the years, I befriended a small group of people with whom every discussion is always intriguing, challenging and truly inspiring. Jeff Forristal is another old acquaintance, whom I hold the utmost respect for. Jeff is an accomplished ...
If It Happened To Facebook...

Earlier today, Facebook released a blog post regarding a recently discovered vulnerability in their platform, which apparently got exploited by attackers. Here's an excerpt from the Facebook blog: ...
Talking Serverless Security With Jeremiah Grossman

I always enjoy talking about application security, whenever I have the chance, and with pretty much anyone. Having said that, throughout the years, I was fortunate enough to befriend a small group of people with whom every discussion is always intriguing, challenging and truly inspiring. Within this group of people, ...
Musings on Serverless and Application Security With Simon Wardley

While traveling home from ServerlessConf in San Francisco, I bumped into Simon Wardley and we engaged in an hour-long discussion on serverless application security. I found the discussion extremely intriguing and thought it would be great to record an informal interview with Simon and share it with our audience ...
Hacking a Serverless Application: Demo

In order to demonstrate the security risks and implications of an insecure serverless application, we created an AWS Lambda application, which contains a vulnerability, and on top of that, we applied an over-permissive AWS IAM role to the function. The two security issues can be exploited in order to exfiltrate ...
Gone in 60 milliseconds: Offensive security in the serverless age (Rich Jones)

Recommended Reading: Serverless Security, Application Security and Other Serverless Related Topics

From time to time, I get asked to recommend books, articles, blog posts or conference talks related to AWS Lambda security, serverless security, application security, and security testing. I decided to put my list of recommendations into a blog post, which I will update as new materials become available, or ...

5 Simple Questions On Serverless Security, That Every CISO Should Be Ready To Answer

There’s no doubt about it - serverless adoption is skyrocketing. The adoption of serverless architectures on major cloud providers like AWS and Microsoft Azure is growing exponentially at an estimated annual rate of 700%! The benefits of serverless architectures are clear - organizations can innovate quickly and reduce the costs ...
FunctionShield: A Free Serverless Protection Library to Help Harden Your Serverless Apps

Today we are releasing a free serverless security protection library for AWS Lambda functions, which enables developers to harden the behavior of serverless runtimes and immunize functions against unwanted and potentially malicious behavior ...
PureSec Improves Security In Apache OpenWhisk Serverless Runtime

Our serverless threat research team identified and disclosed a security weakness in Apache OpenWhisk, the leading open source serverless platform which is being used by thousands of organizations. Apache OpenWhisk is the leading open source platform for serverless computing, and there are several commercial deployments of the technology ...