Is serverless insecure? Let's find

Talk about internet security, computer security, personal security, your social security number...
Post Reply
Senior Member
Posts: 119
Joined: Tue Nov 26, 2013 9:44 pm

Is serverless insecure? Let's find

Post by morganism » Sat Aug 18, 2018 10:27 pm

Is serverless insecure? Let's find out..

"This is a simple AWS lambda function that does a straight exec. Essentially giving you a shell directly in my AWS infrastructure to just run your commands. A security teams worst nightmare.

Do whatever you want. Ultimate goal: take over the account, escalate privs or find some sensitive info."
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0

User avatar
Lieutenant Colonel
Posts: 3345
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Is serverless insecure? Let's find

Post by GµårÐïåñ » Sat Aug 18, 2018 10:50 pm

Serverless, in the context of cloud computing, is not inherently insecure, in fact in many cases the exact opposite.

However, they do NOT secure your code or YOUR actions, that's your portion under the "Shared Responsibility Model" and that means that flaws in your code, are your fault and your responsibility and it is not unique to cloud computing, you can do blunders like this on traditional systems too.

Ultimately the security of the code, app, etc, is the responsibility of the user and their job to ensure they know what they are doing. Just because they allow you to shoot yourself in the foot doesn't mean THEY are insecure, just that you chose to do it that way.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT; Win64; x64; rv:56.0) Gecko/20100101 Firefox/60.0

Post Reply