How to secure serverless apps and how they are hacked

Attackers have several ways to hack serverless applications, but these best practices will help keep them out.

Serverless applications, also known as cloud functions, perform very specific tasks and exist for mere seconds. This makes them more efficient when it comes to getting the most out of your cloud environments and keeping costs down.

However, as with any new technologies, the security implications of this new paradigm are yet to be fully explored or understood. “Many folks still think that serverless is magic and that someone else is responsible for securing their code,” says Ory Segal, CTO and co-founder of PureSec. “That’s far from the truth.” But it is possible to harden serverless applications and apply security best practices to reduce the likelihood of compromise.

How to hack serverless functions

The servers still exist, of course, but the functions are abstracted and aren’t tied to any one piece of infrastructure. The fact that a server contains your function’s source code and at least one other hostd the temporary containers executing your functions means security should be taken seriously.

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!