Wassim Chegham for Microsoft Azure


Let's talk about Serverless Security – Create:Serverless

Create:Serverless

Join us for a half-day of conversations this 30 Sep 2020, at Microsoft Create: Serverless and connect with the experts and community members to discuss how you can run code for any application without having to manage servers.

Add to your calendar: https://aka.ms/createserverless


Serverless Security with Guy Podjarny.

Serverless implicitly helps tackle security concerns by pushing the handling of them to the underlying platform. A few notable ones:

  1. Unpatched operating systems: Serverless takes away the need to patch your own servers; the platform is responsible for managing the OS for you and patches it well.
  2. Denial of service attacks: Extreme elasticity naturally deals with bad traffic that might try to use up your capacity so that you cannot serve your legitimate users.
  3. Long-standing compromised servers: Immutable and short-lived servers prevent or reset malicious agents.

So Serverless helps with all these things, but it doesn't get the whole job done. There's a lot of responsibility that still lives with you, the developer. Let's dig into what those responsibilities are.

We're going to go through them in a model called CLAD:

  1. Code - A function’s code may contain vulnerabilities attackers can exploit.
  2. Libraries - Known vulnerabilities in application dependencies are easy ways in for attackers.
  3. Access - You may give excessive access to sensitive data or functions initially or over time.
  4. Data - You may store or access data insecurely, risking leaks or tampering.

Read the whole article...

Want to know more? Join us on Sep 30th, at 9:05 AM (PDT) to discuss how security changes with the introduction of 'Serverless': Which security concerns does the platform take away? Which security risks may get elevated? And most importantly, Guy and I will also share how you can protect your serverless applications.

New to Serverless Concepts and Technologies? Start here:

Code of Conduct

You are expected to adhere to the Create:Serverless code of conduct as well as Dev.to's code of conduct.

#mscreate

Want to keep track of these events and conversations? Follow the #mscreate tag above or follow @MicrosoftCreate on Twitter.
