Let's talk about Serverless Security – Create:Serverless

Create:Serverless

Join us for a half-day of conversations this 30 Sep 2020, at Microsoft Create: Serverless and connect with the experts and community members to discuss how you can run code for any application without having to manage servers.

Add to your calendar: https://aka.ms/createserverless

Serverless Security with Guy Podjarny.

Serverless implicitly helps tackling security concerns by pushing the handling of them to the underlying platform. A few notable ones:

1. Unpatched operating systems: Serverless takes away the need to patch your own servers, the platform is responsible for managing the OS for you and patches it well
2. Denial of service attacks: extreme elasticity naturally deals with bad traffic that might try to use up your capacity so that you cannot serve you legitimate users
3. Long standing compromised servers: Immutable and short lived servers prevent or reset malicious agents

So, with that, Serverless helps with all these things, but it doesn't get all the job done. There's a lot of responsibility that still lives with you, the developer. Let's dig into what those responsibilities.

We're going to go through them in a model called CLAD:

1. Code - A function’s code may contain vulnerabilities attackers can exploit.
2. Libraries - Known vulnerabilities in application dependencies are easy ways in for attackers.
3. Access - You may give excessive access to sensitive data or functions initially or over time.
4. Data - you may store or access data insecurely, risking leaks or tampering.

Read the whole article...

CLAD Model for Serverless Security

Wassim Chegham for Microsoft Azure ・ Sep 30 '20

#javascript #serverless #mscreate #security

Want to know more? Join us on Sep 30th, at 9:05 AM (PDT) to discuss the changes for security with the introduction of 'Serverless'; Which security concerns does the platform take away? Which security risks may get elevated? And most importantly, Guy and I will also share how you can protect your serverless applications.

New to Serverless Concepts and Technologies? Start here:

• Read: Azure Functions Docs - to learn core concepts!
• Create: Serverless Applications - with this hands-on tutorial.
• Watch: POWERful Serverless Applications - a no-code option.
• Azure Serverless Functions security.
• Security in Azure App Services.
• Get a free copy of Serverless Security book by Guy Podjarny and Liran Tal.
• Try Azure fro FREE

Code of Conduct

You are expected to adhere to the Create:Serverless's code of conduct as well as Dev.to's code of conduct.

Want to keep track of these events and conversations? Follow the #mscreate tag above or follow @MicrosoftCreate on Twitter.