A Deep Dive Into Serverless Attacks. SLS-6: Security Misconfiguration

In traditional applications, security misconfiguration can happen at any level of an application stack, including network services, platform, […] The post A Deep Dive Into Serverless Attacks. SLS-6: Security Misconfiguration appeared first on Protego.
Broken Access Control in Serverless

Broken Access Control in Serverless Deployments

Maintaining good access control in traditional apps is one of the hardest tasks. It involves both code and configuration, at both the application and the infrastructure level. With the right serverless security tools, you will be able to enforce least privilege permissions for code, without depending on the developer to know ...
A Deep Dive into Serverless Attacks, SLS-4: XML External Entity (XXE) Attacks

Let me first apologize for the long absence. However, I haven’t been idle. I’ve been working hard to […] The post A Deep Dive into Serverless Attacks, SLS-4: XML External Entity (XXE) Attacks appeared first on Protego.
Cloud Native Security: What it Means

The post Cloud Native Security: What it Means appeared first on Protego.
Level Up on Security with the New Damn Vulnerable Serverless App

Welcome to 2019. The year we will all understand that serverless is not a fleeting trend, but is […] The post Level Up on Security with the New Damn Vulnerable Serverless App appeared first on Protego.
A Deep Dive into Serverless Attacks, SLS-3: Sensitive Data Disclosure

Great news! The OWASP Serverless Top 10 first release is out! And so, we continue with this blog […] The post A Deep Dive into Serverless Attacks, SLS-3: Sensitive Data Disclosure appeared first on Protego.
A Deep Dive into Serverless Attacks, SLS-2: Broken Authentication

Thanks for joining me for the second post in the series. In the previous post I discussed what […] The post A Deep Dive into Serverless Attacks, SLS-2: Broken Authentication appeared first on Protego.
Serverless Application Attacks SLS-1: Event Injection

A Deep Dive into Serverless Attacks, SLS-1: Event Injection

The OWASP Serverless Top 10 project was just launched. It aims at educating practitioners and organizations about the […] The post A Deep Dive into Serverless Attacks, SLS-1: Event Injection appeared first on Protego.
Securing Serverless Apps

6 Things You’re Probably Doing Wrong Securing Serverless Apps

Do you ever have that sinking feeling in the pit of your stomach, worrying that you’ve forgotten something? […] The post 6 Things You’re Probably Doing Wrong Securing Serverless Apps appeared first on Protego.