How to secure serverless apps and how they are hacked

Attackers have several ways to hack serverless applications, but these best practices will help keep them out.

vault protected safe clouds breach security

Serverless applications, also known as cloud functions, perform very specific tasks and exist for mere seconds. This makes them more efficient when it comes to getting the most out of your cloud environments and keeping costs down.

However, as with any new technologies, the security implications of this new paradigm are yet to be fully explored or understood. “Many folks still think that serverless is magic and that someone else is responsible for securing their code,” says Ory Segal, CTO and co-founder of PureSec. “That’s far from the truth.” But it is possible to harden serverless applications and apply security best practices to reduce the likelihood of compromise.

How to hack serverless functions

The servers still exist, of course, but the functions are abstracted and aren’t tied to any one piece of infrastructure. The fact that a server contains your function’s source code and at least one other hostd the temporary containers executing your functions means security should be taken seriously.

“Serverless functions are simply pieces of code which are executed by the cloud provider when a certain event triggers,” says Segal. “As such, they can suffer from application layer vulnerabilities just like any other software.”

To continue reading this article register now

Make your voice heard. Share your experience in CSO's Security Priorities Study.