• Event data injections are really hard to identify & block in a serverless architecture.
• Broken authentication is a big risk. There are hundreds of distinct functions, triggers & events that you must provide with the right access control and protection.
• The high degree of settings customization offered in serverless can lead to insecure deployment configurations. Make functions stateless at the design stages to avoid exposing sensitive data.
• Overprivileged functions are a huge security risk.
• Poor function monitoring and logging. Collect real-time logs from serverless functions and services, and push them to a remote SIEM system.
• Third-party dependencies on web services (through API calls), software packages and open-source libraries.
