All kidding aside, while recent research indicates significant risks in serverless apps, these risks can largely be mitigated using simple, automated steps in CI/CD pipelines, in both staging and production environments. Taking the right preventative measures can significantly reduce risk and thwart potential attacks.
In this webinar, we analyze the risks and attack vectors highlighted by OWASP and other research, categorizing them into 4 categories based on their severity/potential impact. We will show how Aqua’s serverless security solution addresses each category, demonstrating the following:
•Securing the serverless CI/CD pipeline
•Automated checks in staging environments that create least privilege roles/permissions model
•Profiling Functions’ behavior based data collected during runtime.
•Usage of AWS Lambda layers to identify/block malicious activity in serverless functions