Wassim Chegham for Microsoft Azure

Let's talk about Serverless Security – Create:Serverless

Create:Serverless

Join us for a half-day of conversations on 30 Sep 2020 at Microsoft Create: Serverless, and connect with the experts and community members to discuss how you can run code for any application without having to manage servers.

Add to your calendar: https://aka.ms/createserverless

Serverless Security with Guy Podjarny.

Serverless implicitly helps tackle security concerns by pushing their handling to the underlying platform. A few notable ones:

  1. Unpatched operating systems: Serverless takes away the need to patch your own servers; the platform is responsible for managing the OS for you and patches it well.
  2. Denial of service attacks: Extreme elasticity naturally deals with bad traffic that might try to use up your capacity so that you cannot serve your legitimate users.
  3. Long-standing compromised servers: Immutable and short-lived servers prevent or reset malicious agents.

So Serverless helps with all these things, but it doesn't get the whole job done. A lot of responsibility still lives with you, the developer. Let's dig into what those responsibilities are.

We're going to go through them in a model called CLAD:

  1. Code - A function’s code may contain vulnerabilities attackers can exploit.
  2. Libraries - Known vulnerabilities in application dependencies are easy ways in for attackers.
  3. Access - You may give excessive access to sensitive data or functions initially or over time.
  4. Data - You may store or access data insecurely, risking leaks or tampering.

Read the whole article...

Want to know more? Join us on Sep 30th, at 9:05 AM (PDT), to discuss how security changes with the introduction of 'Serverless': Which security concerns does the platform take away? Which security risks may get elevated? And most importantly, Guy and I will also share how you can protect your serverless applications.

New to Serverless Concepts and Technologies? Start here:

Code of Conduct

You are expected to adhere to the Create:Serverless code of conduct as well as Dev.to's code of conduct.

#mscreate

Want to keep track of these events and conversations? Follow the #mscreate tag above or follow @MicrosoftCreate on Twitter.

Top comments (0)