Serverless Security Vulnerabilities

Off Cyber Security Research,

Adoption of serverless is on the rise—nearly half (49%) of organizations are running their applications on the technology. While serverless technology eliminates many of the security responsibilities related to underlying technologies, developers are still on the hook regarding serverless functions.

For example, the particular transaction of a serverless function may be short-lived, but they have very broad access into other parts of your infrastructure—so the classic types of vulnerabilities seen in app server-based programs, including injection attacks, are all still possible in a serverless environment and are increasing.

According to the recent “State of #Serverless Security in 2022” report, 71 percent say their serverless applications have 10+ vulnerabilities on average, and 88% saw 4+ successful attacks on serverless applications in the past 12 months alone.

Below are the top five vulnerabilities, courtesy of Contrast Security’s State of Serverless Application Security Report:

Tags:

About The Author

Hugh Taylor is a Certified Information Security Manager (CISM). In addition to editing Journal of Cyber Policy, he writes about cybersecurity, compliance and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google and Advanced Micro Devices. Prior to launching his freelance writing career, he served in executive roles at Microsoft, IBM and several venture-backed technology startups.

Privacy Policy