The 12 Most Critical Risks for Serverless Applications

Published Feb 28, 2019

Cloud Security Alliance (CSA) and PureSec proudly present the most comprehensive guide covering the top potential risks for applications built on serverless architectures and how to mitigate them.

The guide covers the following topics:

  • Serverless security overview
  • SAS-1: Function event-data injection
  • SAS-2: Broken authentication
  • SAS-3: Insecure serverless deployment configuration
  • SAS-4: Over-privileged function permissions and roles
  • SAS-5: Inadequate function monitoring and logging
  • SAS-6: Insecure third-party dependencies
  • SAS-7: Insecure application secrets storage
  • SAS-8: Denial of service & financial resource exhaustion
  • SAS-9: Serverless business logic manipulation
  • SAS-10: Improper exception handling and verbose error messages
  • SAS-11: Obsolete functions, cloud resources and event triggers
  • SAS-12: Cross-execution data persistency

