Microsoft Build: DJI Drone Demo

Rise of the (Serverless) Machines

Earlier this week, at the Microsoft Build conference 2018 in Seattle, PureSec unveiled the world’s first and only serverless security runtime environment for Azure functions (I actually demonstrated it live on stage). As stated in our press release, this means that organizations using AWS Lambda, Azure Functions, or both, can ...
Weaknesses In Hybrid Serverless-Container Apps

One of the common use cases for serverless applications is to serve as an orchestration component for cloud applications. In such cases, serverless functions serve as the glue that holds everything together ...
Securing Serverless - Blog Series - Episode 0x06 - Don’t Just Stand There...Do Something!

Wow, we’re already at the sixth installment of the “Securing Serverless” blog series. Here’s a quick recap of previous episodes: ...

Applying ROP Chaining Concepts to Serverless Functions

A couple of weeks ago, I gave a talk on serverless security at Check Point. After my talk, Ohad Bobrov (VP, Enterprise Mobility at Check Point) approached me, and mentioned that he sees some resemblance between the ROP chaining exploitation technique, and the “SAS-09” entry in the Serverless Top 10 ...
Securing Serverless - Blog Series - Episode 0x05 - When Developers Close a Door, They Always Open a Window

I’ve been waiting for a while now for the AWS folks to open AWS Serverless Application Repository to the general public. What could be more fun than getting access to even more serverless applications, seeing what people are up to, and finding even more ideas on what you can build ...
What Makes a Good Serverless Security Solution?

Having spent the last year and a half evangelizing serverless security and explaining how PureSec can help organizations with securing their serverless applications, it dawned on me that many people don’t have a clear understanding as to what really needs to be secured, and what is the problem we are ...
ReDoS Vulnerability in "AWS-Lambda-Multipart-Parser" Node Package

== Summary == The Node package “aws-lambda-multipart-parser” was found to be vulnerable to a ReDoS (Regular-Expression Denial of Service) attack vector. This vulnerability enables a malicious user to cause each AWS Lambda function which uses it to stall until it times out. An attacker may send numerous concurrent malicious requests ...
Securing Serverless - Blog Series - Episode 0x04 - The Six Most Common Reactions to The Words “Serverless Security”

Having talked with many organizations about serverless security lately, I can pretty much classify the initial CISO reactions when I bring up the topic of “serverless security”: ...
Securing Serverless - Blog Series - Episode 0x03 - It's Not You, It's Me...

This is the third installment of the “Securing Serverless” blog series. Our first two episodes covered the following topics: ...