By its very nature, Serverless (FaaS) addresses some of today’s biggest security concerns. By eliminating infrastructure management, it pushes its security concerns to the platform provider. Unfortunately, attackers won’t simply give up, and will instead adapt to this new world. More specifically, FaaS will move attackers focus from the servers to the application concerns OWASP highlights—and defenders should adapt priorities accordingly.
This post touches on which security concerns Serverless helps, and which ones it doesn’t. Each of these bullets is probably worth of a full post of its own (which I may write later on!), but in this post I’ll keep remediation and risk management details light, in favor of covering the bigger picture.
Read more at Snyk