PureSec Releases AWS Lambda Function Code Integrity Protection

There are three general ways an attacker may subvert serverless function logic: ... Read More

Generating Least Privileged IAM Roles for AWS Lambda Functions – The Easy Way

The AWS IAM model is one of the most granular and powerful permission models you will find among cloud providers. However, as the saying goes, "with great power, comes great responsibility" ... Read More

Serverless Security Forensic Data Analysis With PureSec

My two previous blog posts covered one of my favorite topics related to serverless security, the first blog post demonstrated how you can automate SQL Injection testing by using SQLMap together with ‘Lambda-Proxy’, a small utility developed and published by PureSec. In the second blog post, we demonstrated how you ... Read More

Protecting Your Serverless Functions From Event-Data Injection Attacks In Less Than 2 Minutes

In our previous blog post we released a new utility called ‘Lambda-Proxy’, which helps SecDevOps teams to perform automated SQL Injection testing for AWS Lambda functions. The tool harnesses the power of SQLMap, the leading SQL Injection testing and exploitation tool, and wires it with the AWS SDK in order ... Read More

Automated SQL Injection Testing of Serverless Functions On a Shoestring Budget (and Some Good Music)

* The work presented in this blog post was done together with Yuri Shapira, Security Researcher at PureSec ... Read More

Rise of the (Serverless) Machines

Earlier this week, at the Microsoft Build conference 2018 in Seattle, PureSec unveiled the world’s first and only serverless security runtime environment for Azure functions (I actually demonstrated it live on stage). As stated in our press release, this means that organizations using AWS Lambda, Azure Functions, or both, can ... Read More

Weaknesses In Hybrid Serverless-Container Apps

One of the common use cases for serverless applications is to serve as an orchestration component for cloud applications. In such cases, serverless functions serve as the glue that holds everything together ... Read More

Securing Serverless – Blog Series – Episode 0x06 – Don’t Just Stand There…Do Something!

Wow, we’re already at the sixth installment of the “Securing Serverless” blog series. Here’s a quick recap of previous episodes: ... Read More

Applying ROP Chaining Concepts to Serverless Functions

A couple of weeks ago, I gave a talk on serverless security at Check Point. After my talk, Ohad Bobrov (VP, Enterprise Mobility at Check Point) approached me, and mentioned that he sees some resemblance between the ROP chaining exploitation technique, and the “SAS-09” entry in the Serverless Top 10 ... Read More