31 Free Serverless Security Ebooks, Articles and Resources
Serverless computing demands a different mindset but secure serverless apps are at least as secure as their server-based counterparts. According to new research, the top two security concerns of companies implementing or using serverless platforms include compliance and how to handle data security. Below, you’ll find a curated list of awesome serverless security resources such as ebooks, articles, whitepapers, blogs and research papers.
AWS Lambda Security
- AWS Lambda Security Best-Practices eBook
PDF eBook covering all the basics such as: Serverless Top 10, IAM roles & permissions, CloudTrail, AWS Config, API Gateway security.
- Foundations of AWS Lambda Security
Webinar recording covering AWS Lambda security basics, IAM permissions, Scalability, Governance.
- AWS Lambda Security Quick-Start Guide
A quick start guide portraying security strategies for AWS Lambda applications.
- AWS Lambda Security – Design for Failure
Notes on the importance of IAM permissions for AWS Lambda.
- Attacking an AWS Account via a Lambda Function
An article from DarkReading, describing attackers and defenders side of a real serverless bounty hunt.
- Minimizing the attack surface in Serverless
Presentation covering the basics of serverless attack surfaces.
- Gone in 60 milliseconds: Offensive security in the serverless age
A presentation video showing attack vectors using cloud event sources, exploitabilities in common serverless patterns and frameworks.
- Security Best Practices for Serverless Applications
Basic best-practices for AWS Lambda.
- AWS IAM best practices
Early AWS materials on IAM best practices.
- The Many-Faced Threats to the Serverless World
An article covering most of the basic security risks.
- How to Encrypt Serverless Environment Variable Secrets with KMS
Fundamentals of secrets handling with AWS KMS.
- Sharing Secrets with AWS Lambda Using AWS Systems Manager Parameter Store
How to use parameter store for secrets.
- A Serverless Journey: AWS Lambda under the hood
Great talk on how Lambda works, introduction to Firecracker.
- The FireCracker Virtual Machine Monitor
An analysis of AWS Firecracker.
- AWS Lambda Serverless Security Workshop
Learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora (Re:Invent 2018 workshop).
Security Tools / Solutions
- Secure Serverless CI/CD with Codeship, PureSec, and AWS Lambda
A step by step guide for secure serverless CI/CD.
Other Related Posts
- 413 Site Reliability and Production Engineering Resources & Tools – 2021
This post is a curated list of awesome Site Reliability and Production Engineering resources. These resources include books, articles, blogs, newsletters covering various topics such as culture, reliability, monitoring, planning, SLA and many more.
- Exploring Serverless Applications with Node.js – 2020
Going serverless and hosting your web applications in the cloud drastically reduces the time you spend worrying about infrastructure—giving you more time for building features and solving business problems. Serverless apps are easier to scale, quicker to develop, and less complex than traditional server-hosted applications.
Azure Functions Security
- Azure Functions & Serverless Platform Security
Some basics on Azure functions security.
- Run Your Azure Functions from a Package File
Deploying immutable Azure functions.
- Security in Azure App Service & Azure Functions
More basic concepts for Azure functions.
- Identity & Secure Resource Access in App Service & Azure Functions
Explores features in App Service or Azure functions which make working with identities simple (Build Conference).
- Secure Azure Functions with JWT access tokens
A blog post on how to use JWT access tokens with Azure functions.
Google Cloud Functions Security
- Function Identity
Documentation for Google Cloud Functions IAM and per-function identity.
Serverless Risks / General
- Securing Serverless: A Newbie’s Guide
A terrific newbie’s guide by Jeremy Daly.
- Serverless Security: What are we up against
A conference talk from ServerlessDays covering serverless security basics.
- Hacking Serverless Runtimes
Good early insights presentation from BlackHat conference 2017.
- Serverless Security and Things that Go Bump in the Night
QCon NYC presentation by Silvexis covering security basics for serverless.
- Securing Cloud via Serverless Design Patterns
Six serverless design patterns to build security services in the cloud.
- Peeking Behind the Curtains of Serverless Platforms
Provides insights into architectures, resource utilization, and the performance isolation efficiency of AWS Lambda, GCF and Azure Functions.
- Serverless Architectures
The best overview on serverless architectures. This article provides an in-depth look at serverless architectures.