Serverless Security
Category: Cloud Security
Definition
Security practices for function-as-a-service architectures addressing risks unique to serverless computing: over-privileged execution roles, event injection, insecure dependencies, function timeout abuse, and cold-start monitoring gaps.
Technical Details
Serverless functions (AWS Lambda, Azure Functions, GCP Cloud Run) introduce unique security challenges: functions often run with overly broad IAM roles, event sources (S3, SQS, API Gateway) can be injection vectors, the ephemeral nature makes runtime monitoring difficult, and dependency supply chain risks are amplified by the ease of pulling packages. The OWASP Serverless Top 10 provides a structured risk framework.
Practical Usage
Security teams should apply least-privilege IAM roles to each function individually, scan function dependencies for vulnerabilities, monitor function invocation anomalies through cloud-native logging, and treat event sources as untrusted input requiring validation. RASP agents and eBPF-based monitoring tools increasingly support serverless runtime protection.
Examples
- An over-privileged Lambda function with full S3 access is exploited via event injection to exfiltrate all bucket objects.
- A serverless image processing function is attacked by uploading a malicious image containing code that escapes the function sandbox.
- A CloudWatch alarm detects abnormal Lambda invocation patterns indicating cryptomining abuse of an exposed function.
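The two controls from Practical Usage that the first example above turns on, treating the S3 event as untrusted input and scoping the execution role, as an added illustration that is not part of the original entry. The bucket name, key pattern and both policies are constructed sample values, and `policy_is_scoped` is a deliberately narrow wildcard check rather than a full IAM analyser.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample values for the example, not from the page.
ALLOWED_BUCKET = "uploads-prod-example"
KEY_PATTERN = re.compile(r"^incoming/[A-Za-z0-9_-]{1,64}\.(png|jpg)$")

def s3_put_event(bucket, key):
    """Build a minimal S3 ObjectCreated event record (constructed test input)."""
    return {"Records": [{"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
                         "s3": {"bucket": {"name": bucket}, "object": {"key": key}}}]}

def validate_s3_event(event):
    """Return (bucket, key) pairs that pass the allow-list; raise on anything unexpected."""
    # The event is attacker-influenced: whoever can write to a notifying bucket chooses
    # the key, and S3 delivers the key URL-encoded, so decode it before checking.
    accepted = []
    for rec in event.get("Records", []):
        if rec.get("eventSource") != "aws:s3" or not str(rec.get("eventName", "")).startswith("ObjectCreated:"):
            raise ValueError("unexpected event source or type")
        bucket = rec["s3"]["bucket"]["name"]
        key = unquote_plus(rec["s3"]["object"]["key"])
        if bucket != ALLOWED_BUCKET:
            raise ValueError("bucket not allowed: %s" % bucket)
        if ".." in key or not KEY_PATTERN.match(key):
            raise ValueError("key rejected: %s" % key)
        accepted.append((bucket, key))
    return accepted

def policy_is_scoped(policy):
    """Quick least-privilege check: reject Allow statements with wildcard actions or resources."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if any(a in ("*", "s3:*") for a in actions) or "*" in resources:
            return False
    return True

# The "full S3 access" role from the Examples section beside a scoped alternative.
OVERPRIVILEGED = {"Version": "2012-10-17",
                  "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17",
          "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                         "Resource": "arn:aws:s3:::%s/incoming/*" % ALLOWED_BUCKET}]}

if __name__ == "__main__":
    print(validate_s3_event(s3_put_event(ALLOWED_BUCKET, "incoming/photo_01.png")))
    print(policy_is_scoped(OVERPRIVILEGED), policy_is_scoped(SCOPED))
```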