FunctionShield: A Free Serverless Protection Library to Help Harden Your Serverless Apps
Today we are releasing a free serverless security protection library for AWS Lambda functions, which enables developers to harden the behavior of serverless runtimes and immunize functions against unwanted and potentially malicious behavior ...
PureSec Improves Security In Apache OpenWhisk Serverless Runtime
Our serverless threat research team identified and disclosed a security weakness in Apache OpenWhisk, the leading open source serverless platform which is being used by thousands of organizations. Apache OpenWhisk is the leading open source platform for serverless computing, and there are several commercial deployments of the technology ...
PureSec Releases AWS Lambda Function Code Integrity Protection
There are three general ways an attacker may subvert serverless function logic: ...
Generating Least Privileged IAM Roles for AWS Lambda Functions – The Easy Way
The AWS IAM model is one of the most granular and powerful permission models you will find among cloud providers. However, as the saying goes, "with great power, comes great responsibility" ...
Serverless Security Forensic Data Analysis With PureSec
My two previous blog posts covered one of my favorite topics related to serverless security. The first blog post demonstrated how you can automate SQL Injection testing by using SQLMap together with ‘Lambda-Proxy’, a small utility developed and published by PureSec. In the second blog post, we demonstrated how you ...
Protecting Your Serverless Functions From Event-Data Injection Attacks In Less Than 2 Minutes
In our previous blog post we released a new utility called ‘Lambda-Proxy’, which helps SecDevOps teams to perform automated SQL Injection testing for AWS Lambda functions. The tool harnesses the power of SQLMap, the leading SQL Injection testing and exploitation tool, and wires it with the AWS SDK in order ...
Automated SQL Injection Testing of Serverless Functions On a Shoestring Budget (and Some Good Music)
* The work presented in this blog post was done together with Yuri Shapira, Security Researcher at PureSec ...
Rise of the (Serverless) Machines
Earlier this week, at the Microsoft Build conference 2018 in Seattle, PureSec unveiled the world’s first and only serverless security runtime environment for Azure functions (I actually demonstrated it live on stage). As stated in our press release, this means that organizations using AWS Lambda, Azure Functions, or both, can ...
Weaknesses In Hybrid Serverless-Container Apps
One of the common use cases for serverless applications is to serve as an orchestration component for cloud applications. In such cases, serverless functions serve as the glue that holds everything together ...
Securing Serverless – Blog Series – Episode 0x06 – Don’t Just Stand There…Do Something!
Wow, we’re already at the sixth installment of the “Securing Serverless” blog series. Here’s a quick recap of previous episodes: ...