Is serverless insecure? Let's find out..
"This is a simple AWS lambda function that does a straight exec. Essentially giving you a shell directly in my AWS infrastructure to just run your commands. A security teams worst nightmare.
Do whatever you want. Ultimate goal: take over the account, escalate privs or find some sensitive info."
http://www.lambdashell.com/
Is serverless insecure? Let's find out..aws
Is serverless insecure? Let's find out..aws
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: Is serverless insecure? Let's find out..aws
Serverless, in the context of cloud computing, is not inherently insecure, in fact in many cases the exact opposite.
However, they do NOT secure your code or YOUR actions, that's your portion under the "Shared Responsibility Model" and that means that flaws in your code, are your fault and your responsibility and it is not unique to cloud computing, you can do blunders like this on traditional systems too.
Ultimately the security of the code, app, etc, is the responsibility of the user and their job to ensure they know what they are doing. Just because they allow you to shoot yourself in the foot doesn't mean THEY are insecure, just that you chose to do it that way.
However, they do NOT secure your code or YOUR actions, that's your portion under the "Shared Responsibility Model" and that means that flaws in your code, are your fault and your responsibility and it is not unique to cloud computing, you can do blunders like this on traditional systems too.
Ultimately the security of the code, app, etc, is the responsibility of the user and their job to ensure they know what they are doing. Just because they allow you to shoot yourself in the foot doesn't mean THEY are insecure, just that you chose to do it that way.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT; Win64; x64; rv:56.0) Gecko/20100101 Firefox/60.0