Skip to main content

Posts

Showing posts from November, 2018

AWS Lambda security risks

And here is the list of top Lambda security risks:

1. Function event data injection: Injection flaws in applications are one of the most common risks and can be triggered not only through untrusted input such as through a web API call but due to the potential attack surface of serverless architecture, can also come from cloud storage events, NoSQL databases, code changes, message queue events and IoT telemetry signals, among others.



2. Broken authentication: Applications built for serverless architectures often contain dozens -- or even hundreds -- of serverless functions, each with a specific purpose.

These functions connect together to form overall system logic, but some of these functions may expose public web APIs, others may consume events from different source types, and others may have coding issues ripe for exploit and attacks, which lead to unauthorized authentication.

3. Insecure serverless deployment configuration: The security firm found that incorrect settings and the mi…