Is serverless insecure? Let's find out..aws

Post by morganism »

Is serverless insecure? Let's find out..

"This is a simple AWS Lambda function that does a straight exec. Essentially giving you a shell directly in my AWS infrastructure to just run your commands. A security team's worst nightmare.

Do whatever you want. Ultimate goal: take over the account, escalate privs or find some sensitive info."

http://www.lambdashell.com/

Re: Is serverless insecure? Let's find out..aws

Post by GµårÐïåñ »

Serverless, in the context of cloud computing, is not inherently insecure; in fact, in many cases the exact opposite.

However, they do NOT secure your code or YOUR actions; that's your portion under the "Shared Responsibility Model", and that means that flaws in your code are your fault and your responsibility. It is not unique to cloud computing; you can make blunders like this on traditional systems too.

Ultimately the security of the code, app, etc., is the responsibility of the user, and it is their job to ensure they know what they are doing. Just because they allow you to shoot yourself in the foot doesn't mean THEY are insecure, just that you chose to do it that way.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
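
The code-level point from the reply above, as an added example (not part of either post, and not the code behind lambdashell.com): a handler that passes caller text to a shell, next to one where the caller can only pick from actions the code owner fixed in advance. The event shape, handler names and action names are hypothetical.

```python
import subprocess

# Constructed allow-list: action name -> fixed argv. Names are hypothetical.
ALLOWED_ACTIONS = {
    "ping": ["echo", "pong"],
    "kernel": ["uname", "-sr"],
}
# The child process gets only this environment, not the function's own.
MINIMAL_ENV = {"PATH": "/usr/bin:/bin"}


def handler_straight_exec(event, context=None):
    """The pattern the first post describes: caller text goes to a shell."""
    proc = subprocess.run(event["command"], shell=True, capture_output=True,
                          text=True, timeout=5)
    return {"statusCode": 200, "body": proc.stdout + proc.stderr}


def handler_allowlisted(event, context=None):
    """Caller chooses an action name; the argv itself never comes from input."""
    action = event.get("action")
    argv = ALLOWED_ACTIONS.get(action) if isinstance(action, str) else None
    if argv is None:
        return {"statusCode": 400, "body": "unknown action"}
    try:
        proc = subprocess.run(argv, shell=False, capture_output=True,
                              text=True, timeout=5, env=MINIMAL_ENV)
    except (subprocess.TimeoutExpired, OSError):
        return {"statusCode": 500, "body": "action failed"}
    status = 200 if proc.returncode == 0 else 500
    return {"statusCode": status, "body": proc.stdout}


if __name__ == "__main__":
    # Constructed inputs: the same request style against both handlers.
    print(handler_straight_exec({"command": "echo a; echo b"}))
    print(handler_allowlisted({"action": "ping"}))
    print(handler_allowlisted({"action": "ping; echo b"}))
```

The second handler still runs under whatever IAM role the function has, so the role's permissions remain the owner's side of the shared responsibility model as well.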