Is serverless insecure? Let's find out..aws

Talk about internet security, computer security, personal security, your social security number...
Post Reply
morganism
Senior Member
Posts: 113
Joined: Tue Nov 26, 2013 9:44 pm

Is serverless insecure? Let's find out..aws

Post by morganism » Sat Aug 18, 2018 10:27 pm

Is serverless insecure? Let's find out..

"This is a simple AWS lambda function that does a straight exec. Essentially giving you a shell directly in my AWS infrastructure to just run your commands. A security teams worst nightmare.

Do whatever you want. Ultimate goal: take over the account, escalate privs or find some sensitive info."

http://www.lambdashell.com/

User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3318
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Is serverless insecure? Let's find out..aws

Post by GµårÐïåñ » Sat Aug 18, 2018 10:50 pm

Serverless, in the context of cloud computing, is not inherently insecure, in fact in many cases the exact opposite.

However, they do NOT secure your code or YOUR actions, that's your portion under the "Shared Responsibility Model" and that means that flaws in your code, are your fault and your responsibility and it is not unique to cloud computing, you can do blunders like this on traditional systems too.

Ultimately the security of the code, app, etc, is the responsibility of the user and their job to ensure they know what they are doing. Just because they allow you to shoot yourself in the foot doesn't mean THEY are insecure, just that you chose to do it that way.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________

Post Reply