Serverless (FaaS) addresses some of today’s biggest security concerns. By eliminating infrastructure management, it moves the responsibility for server management from the application owner to the platform provider. Having dedicated experts maintain those environments helps to mitigate several issues related to unpatched servers, compromised infrastructure, and even denial-of-service attacks.
Unfortunately, attackers won’t give up; they’ll simply adapt to this new world. More specifically, FaaS will move attackers’ focus from the servers to application concerns. In response, defenders must adjust their efforts accordingly.
Guy Podjarny explores what serverless means for security, discussing the security considerations that serverless helps to mitigate, the security issues that remain the same, and perhaps most importantly, the security issues that are even more critical in a serverless environment—and what you can do to defend your application against them.
Guy Podjarny is Snyk’s co-founder and CEO, focusing on using open source and staying secure. Guy was previously CTO at Akamai following their acquisition of his startup, Blaze.io, and worked on the first web app firewall & security code analyzer. Guy is a frequent conference speaker and the author of O’Reilly’s “Securing Open Source Libraries”, “Responsive & Fast” and “High Performance Images”.
©2017, O'Reilly Media, Inc.