Serverless Security Checklist

You have developed a serverless application, but have you thought about how you are going to secure it?

The Serverless Application Security Vulnerability Checklist shows that serverless applications require a slightly different security approach than traditional ones.

Serverless architectures reduce the developer's security burden but do not negate it entirely.

Remember to apply general good coding practices, regardless of whether you use traditional servers or serverless architectures. Writing clean code, storing secrets safely, validating input and handling errors are all universal good coding practices that help protect against security vulnerabilities.

This checklist is a guide to protecting the application and helps you identify possible security risks.

Securing a server application is essential, whether it is serverless or traditional.

Serverless Security Vulnerability Checklist

Denial of service attacks (DoS / DDoS)

Write efficient code and use timeouts and throttling.

Denial of service attacks on serverless architectures can be disastrous both financially and for resource availability.

Business Logic Manipulation

This exploits a flaw in the programming of the exchange of information between the user interface and the database.

Resource abuse

Minimum Privileges – Don’t set a single permission level for a whole service which includes loads of functions.

Data injection

Install a firewall.

Protect against event injection with input validation and predefined database layer logic.

Insecure authentication

Use built-in authentication solutions and avoid dangerous deployment settings.

Insecure storage

Encrypt your application secrets.

Insecure Deployment settings

Keep files encrypted.

Vulnerable Third-Party API

Tool Integration

Insufficient logging and Monitoring

Establish effective monitoring and alerting.

Log sufficient user context to identify suspicious or malicious accounts.

Error Handling

Write unit tests. 

Exception Handling

Log stack traces to the console or a dedicated log.

Never send stack traces back to the end user.
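The following added example (not code from the original checklist) shows the logging and exception-handling items together: a wrapper for a function handler that writes the full stack trace and caller context to the log while the client receives only a generic message and a correlation id. It assumes an AWS Lambda-style `handler(event, context)` signature and an API Gateway proxy event; `safe_handler`, `ValidationError`, `get_order` and the order data are hypothetical names constructed for illustration.

```python
import json
import logging
import uuid

logger = logging.getLogger("handler")


class ValidationError(Exception):
    """Bad client input; the message is written to be safe to return."""


def safe_handler(func):
    """Log failures in full, return only a generic body and a correlation id."""
    def wrapper(event, context):
        # aws_request_id is set on the Lambda context object; fall back to a
        # random id so the wrapper also runs in local tests (context=None).
        request_id = getattr(context, "aws_request_id", None) or str(uuid.uuid4())
        # Assumed event shape: API Gateway proxy integration.
        identity = (event.get("requestContext") or {}).get("identity") or {}
        source = identity.get("sourceIp", "unknown")
        try:
            return {"statusCode": 200, "body": json.dumps(func(event, context))}
        except ValidationError as exc:
            logger.warning("rejected request_id=%s source=%s reason=%s",
                           request_id, source, exc)
            body = {"error": str(exc), "requestId": request_id}
            return {"statusCode": 400, "body": json.dumps(body)}
        except Exception:
            # logger.exception appends the stack trace to the log record only.
            logger.exception("unhandled request_id=%s source=%s", request_id, source)
            body = {"error": "Internal error", "requestId": request_id}
            return {"statusCode": 500, "body": json.dumps(body)}
    return wrapper


ORDERS = {"1": {"id": 1, "item": "book"}}  # constructed sample data


@safe_handler
def get_order(event, context):
    params = event.get("queryStringParameters") or {}
    order_id = params.get("id", "")
    if not order_id.isdigit():
        raise ValidationError("id must be numeric")
    # An unknown id raises KeyError here, standing in for an unexpected bug.
    return ORDERS[order_id]
```

The `requestId` in the response lets support staff find the matching log entry without exposing internals to the caller.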

Lambda Architecture uses scalable and fault-tolerant real time data processing with low latency for massive big data.
