Security vulnerabilities and mitigation guidelines
As mentioned earlier, serverless computing, by design, takes a large share of the security responsibilities off the application owner: the FaaS/BaaS vendor has to secure the underlying infrastructure (hosts, runtime, network fabric, and the platform's control plane). The trade-off is that the application owner loses visibility into and control over that layer, and the remaining surface (function code, dependencies, identity and permissions, event sources, and data) attracts attack vectors that are specific to the event-driven, highly granular serverless model. The division of security responsibilities between the vendor and the application owner is shown as follows:
Figure 10.1 – Security responsibilities – the vendor versus the application owner
Serverless applications have several vulnerabilities, many of which overlap with those of traditional applications. The software industry and the cybersecurity community invest in identifying such vulnerabilities and in developing strategies and techniques to defend against them. Often, this research is conducted and collated by various organizations and published for the community to adopt. In...