31 Free Serverless Security Ebooks, Articles and Resources

Serverless computing is becoming more popular as systems administrators look for new ways to build and run applications. These applications are easier to build, more scalable and require less overhead than their server-based counterparts. But they can still be vulnerable to common attack vectors, so it is important to secure them. Let’s take a look at how to evaluate these applications for vulnerabilities, how to create use cases that determine the best security measures, and what kinds of problems to look out for.

Serverless computing demands a different mindset, but secure serverless apps are at least as secure as their server-based counterparts. According to new research, the top two security concerns of companies implementing or using serverless platforms are compliance and how to handle data security. Below, you’ll find a curated list of awesome serverless security resources such as ebooks, articles, whitepapers, blogs and research papers.

AWS Lambda Security

  1. AWS Lambda Security Best-Practices eBook
    PDF eBook covering all the basics such as: Serverless Top 10, IAM roles & permissions, CloudTrail, AWS Config, API Gateway security.
  2. Foundations of AWS Lambda Security
    Webinar recording covering AWS Lambda security basics, IAM permissions, Scalability, Governance.
  3. AWS Lambda Security Quick-Start Guide
    A quick start guide portraying security strategies for AWS Lambda applications.
  4. AWS Lambda Security – Design for Failure
    Notes on the importance of IAM permissions for AWS Lambda.
  5. Attacking an AWS Account via a Lambda Function
    An article from DarkReading describing the attacker’s and defender’s sides of a real serverless bounty hunt.
  6. Minimizing the attack surface in Serverless
    Presentation covering the basics of serverless attack surfaces.
  7. Gone in 60 milliseconds: Offensive security in the serverless age
    A presentation video showing attack vectors that use cloud event sources, and exploitable weaknesses in common serverless patterns and frameworks.
  8. Security Best Practices for Serverless Applications
    Basic best-practices for AWS Lambda.
  9. AWS IAM best practices
    Early AWS materials on IAM best practices.
  10. The Many-Faced Threats to the Serverless World
    An article covering most of the basic security risks.
  11. How to Encrypt Serverless Environment Variable Secrets with KMS
    Fundamentals of secrets handling with AWS KMS.
  12. Sharing Secrets with AWS Lambda Using AWS Systems Manager Parameter Store
    How to use parameter store for secrets.
  13. A Serverless Journey: AWS Lambda under the hood
    Great talk on how Lambda works, introduction to Firecracker.
  14. The FireCracker Virtual Machine Monitor
    An analysis of AWS Firecracker.
  15. AWS Lambda Serverless Security Workshop
    Learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora (Re:Invent 2018 workshop).

Security Tools / Solutions

  1. Secure Serverless CI/CD with Codeship, PureSec, and AWS Lambda
    A step by step guide for secure serverless CI/CD.

Azure Functions Security

  1. Azure Functions & Serverless Platform Security
    Some basics on Azure functions security.
  2. Run Your Azure Functions from a Package File
    Deploying immutable Azure functions.
  3. Security in Azure App Service & Azure Functions
    More basic concepts for Azure functions.
  4. Identity & Secure Resource Access in App Service & Azure Functions
    Explores features in App Service or Azure functions which make working with identities simple (Build Conference).
  5. Secure Azure Functions with JWT access tokens
    A blog post on how to use JWT access tokens with Azure functions.

Google Cloud Functions Security

  1. Function Identity
    Documentation for Google Cloud Functions IAM and per-function identity.

Serverless Risks / General

  1. Securing Serverless: A Newbie’s Guide
    A terrific newbie’s guide by Jeremy Daly.
  2. Serverless Security: What are we up against
    A conference talk from ServerlessDays covering serverless security basics.
  3. Hacking Serverless Runtimes
    A presentation with good early insights from the Black Hat 2017 conference.
  4. Serverless Security and Things that Go Bump in the Night
    QCon NYC presentation by Silvexis covering security basics for serverless.
  5. Securing Cloud via Serverless Design Patterns
    Six serverless design patterns to build security services in the cloud.
  6. Peeking Behind the Curtains of Serverless Platforms
    Provides insights into architectures, resource utilization, and the performance isolation efficiency of AWS Lambda, GCF and Azure Functions.
  7. Serverless Architectures
    The best overview on serverless architectures. This article provides an in-depth look at serverless architectures.

Other Interesting Articles / Web Pages

  1. Google gVisor & Google Cloud Functions
    A blog post covering Google gVisor and how it is used with Google Cloud Functions.
  2. IBM Cloud Functions – Platform Architecture
    OpenWhisk & IBM Cloud Functions overview.