9 serverless security best practices
- Map your application - consider the data involved, its value and services that access it.
- Keep using your WAF and API Gateway but apply perimeter security at the function level too.
- Secure application dependencies to prevent new vulnerable packages from being used.
- Look out for bad code that can trigger a self-inflicted denial-of-service attack from within your application.
- Add tests for service configuration to CI/CD & PROD.
- Make FaaS containers refresh to limit the lifetime of function instances.
Full post here, 4 mins read