Join us for a half-day of conversations this 30 Sep 2020, at Microsoft Create: Serverless and connect with the experts and community members to discuss how you can run code for any application without having to manage servers.
Add to your calendar: https://aka.ms/createserverless
Serverless Security with Guy Podjarny.
Serverless implicitly helps tackling security concerns by pushing the handling of them to the underlying platform. A few notable ones:
- Unpatched operating systems: Serverless takes away the need to patch your own servers, the platform is responsible for managing the OS for you and patches it well
- Denial of service attacks: extreme elasticity naturally deals with bad traffic that might try to use up your capacity so that you cannot serve you legitimate users
- Long standing compromised servers: Immutable and short lived servers prevent or reset malicious agents
So, with that, Serverless helps with all these things, but it doesn't get all the job done. There's a lot of responsibility that still lives with you, the developer. Let's dig into what those responsibilities.
We're going to go through them in a model called CLAD:
- Code - A function’s code may contain vulnerabilities attackers can exploit.
- Libraries - Known vulnerabilities in application dependencies are easy ways in for attackers.
- Access - You may give excessive access to sensitive data or functions initially or over time.
- Data - you may store or access data insecurely, risking leaks or tampering.
Read the whole article...
CLAD Model for Serverless Security
Wassim Chegham for Microsoft Azure ・ Sep 30 '20 ・ 11 min read
Want to know more? Join us on Sep 30th, at 9:05 AM (PDT) to discuss the changes for security with the introduction of 'Serverless'; Which security concerns does the platform take away? Which security risks may get elevated? And most importantly, Guy and I will also share how you can protect your serverless applications.
New to Serverless Concepts and Technologies? Start here:
- Read: Azure Functions Docs - to learn core concepts!
- Create: Serverless Applications - with this hands-on tutorial.
- Watch: POWERful Serverless Applications - a no-code option.
- Azure Serverless Functions security.
- Security in Azure App Services.
- Get a free copy of Serverless Security book by Guy Podjarny and Liran Tal.
- Try Azure fro FREE
Code of Conduct
You are expected to adhere to the Create:Serverless's code of conduct as well as Dev.to's code of conduct.
Want to keep track of these events and conversations? Follow the #mscreate tag above or follow @MicrosoftCreate on Twitter.
Top comments (0)