Serverless applications can have significant security benefits: for example, there is no need for the customer to patch or update operating systems and platforms. However, serverless architectures can also introduce new risks which, in the worst case, could lead to complete compromise of a customer’s cloud account.
The presenter discusses examples of vulnerable or badly configured serverless functions based on experience and, in a live demonstration, shows how a “bad” Lambda function can lead to compromise of confidential data in the cloud. 10 Steps to Lambda Security are presented, providing a practical security checklist for developers implementing serverless architectures in AWS.
A basic understanding of serverless functions is needed to follow the content of the talk.
You can view Paul’s slides below:
Paul Schwarzenberger – Ten Steps to Lambda Security