Citation bot (talk | contribs) Add: authors 1-1. Removed parameters. Some additions/deletions were parameter name changes. | Use this bot. Report bugs. | #UCB_CommandLine |
m Open access bot: arxiv updated in citation with #oabot. |
=== Security ===
According to [[OWASP]], serverless applications are vulnerable to variations of traditional attacks, insecure code, and some serverless-specific attacks (such as Denial of Wallet<ref>{{Cite journal |last1=Kelly |first1=Daniel |last2=Glavin |first2=Frank G. |last3=Barrett |first3=Enda |date=2021-08-01 |title=Denial of wallet—Defining a looming threat to serverless computing |url=https://linkinghub.elsevier.com/retrieve/pii/S221421262100079X |journal=Journal of Information Security and Applications |volume=60 |pages=102843 |doi=10.1016/j.jisa.2021.102843 |issn=2214-2126|arxiv=2104.08031 }}</ref>). As a result, the risks have changed, and attack prevention requires a shift in mindset.<ref>{{Cite web |title=OWASP Serverless Top 10 {{!}} OWASP Foundation |url=https://owasp.org/www-project-serverless-top-10/ |access-date=2024-05-20 |website=owasp.org |language=en}}</ref><ref>{{Citation |title=OWASP/Serverless-Top-10-Project |date=2024-05-02 |url=https://github.com/OWASP/Serverless-Top-10-Project |access-date=2024-05-20 |publisher=OWASP}}</ref>
Serverless is sometimes mistakenly considered more secure than traditional architectures. While this is true to some extent because OS vulnerabilities are taken care of by the cloud provider, the total attack surface is significantly larger, as there are many more components to the application compared to traditional architectures, and each component is an entry point to the serverless application. Moreover, the security solutions that customers previously relied on to protect their cloud workloads become irrelevant, as customers cannot control or install anything at the [[endpoint security|endpoint]] and [[Network security|network]] level, such as an [[intrusion detection system|intrusion detection/prevention system]] (IDS/IPS).<ref>{{cite web | url=https://www.puresec.io/serverless-security-top-12-csa-puresec | title=Cloud Workload Protection (CWP) {{!}} CWPP }}</ref>