Serverless Security

by Guy Podjarny, Liran Tal

Serverless is taking the cloud native world by storm. This new approach promises extraordinary value, from increased developer productivity to dramatic cost savings. In some aspects, serverless also boasts significant security advantages compared to the server model. But as this practical report explains, securing serverless still requires diligence from the developers and application security professionals involved in the process.

Guy Podjarny and Liran Tal from Snyk examine the significant benefits that serverless brings to application security, as well as the considerable risks involved when you configure a serverless system. You’ll also learn a platform-agnostic security model known as CLAD that will help you address Code vulnerabilities, Library vulnerabilities, Access and permissions, and Data security.

This report helps you:

Understand what serverless is and how this model evolved from cloud native processes
Explore the three primary areas where serverless improves security
Learn how the CLAD model provides four categories to help you home in on specific security issues
Follow a detailed example that demonstrates how poor security manifests in real-world serverless applications

63 pages, ebook

Published November 1, 2019