2019 Serverless Security Top Risks

Ory Segal
2 min read · Mar 3, 2019

To download the full report: https://www.puresec.io/serverless-security-top-12-csa-puresec

Early in 2018, PureSec published the world’s first Serverless Security Top 10 risks paper. The report was based on preliminary data and feedback from serverless evangelists, thought leaders and cloud vendors.

Since then, serverless has seen tremendous growth, and more data was collected on the ways organizations harness serverless, their approach to serverless development, and the most common recurring mistakes related to security and privacy of serverless applications.

In addition, the serverless security industry has evolved, offering new mitigation approaches for customers, such as PureSec’s industry-leading Serverless Security Platform, as well as new features from cloud providers that can help improve the security posture of serverless applications.

PureSec recently joined the Cloud Security Alliance, the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. As part of this new partnership with the CSA, we are pleased to announce the release of a new serverless security guide titled “The 12 Most Critical Risks for Serverless Applications”.

The report was written for both security and development audiences dealing with serverless applications, and goes well beyond pointing out the risks. It provides mitigations, best practices and a comparison between traditional applications and their serverless counterparts.

The Top 12 Risks listed in the document are:

  • SAS-01: Function event-data injection
  • SAS-02: Broken authentication
  • SAS-03: Insecure serverless deployment configuration
  • SAS-04: Over-privileged function permissions and roles
  • SAS-05: Inadequate function monitoring and logging
  • SAS-06: Insecure third-party dependencies
  • SAS-07: Insecure application secrets storage
  • SAS-08: Denial of service and financial resource exhaustion
  • SAS-09: Serverless business logic manipulation
  • SAS-10: Improper exception handling and verbose error messages
  • SAS-11: Legacy / Unused functions & cloud resources
  • SAS-12: Cross-execution data persistency

You can find more information in the report: https://www.puresec.io/serverless-security-top-12-csa-puresec


Ory Segal

Application Security Overlord, Hacker/Innovator/Researcher. CTO @ PureSec, Serverless Architectures Security, former Sr. Director of Threat Research at Akamai.