You may have cracked serverless development, but it’s almost certain you haven’t solved serverless security
Here’s how to secure that ever-expanding attack surface
Paid Post Serverless is revolutionizing software development, allowing organizations to produce applications which consume cloud resources only when they need to. Developing applications this way also dramatically reduces the amount of code to write while increasing the velocity of completed applications.
Serverless applications free tech teams from much of the drudgery of managing cloud infrastructure, such as guesstimating how far they will have to scale up or down or paying for capacity that may never be used. But some things never change – developers will have to ensure their applications remain secure.
So it might come as a shock that while 70 per cent of respondents to the State of Serverless Application Security Report have six or more teams working on serverless development, they are also building up a worrying “serverless security debt”. Over 71 per cent of respondents admitted their average serverless applications have more than 10 vulnerabilities.
The problem is traditional application security tools are designed for traditional web applications. Hence, they struggle to handle the broader attack surface presented by a fleet of Lambda functions, each with its own perimeter and permissions. This can result in false positive rates of over 85 per cent.
Which is why Contrast Security has launched its Contrast Serverless Application Security product, targeting the specific security concerns presented by serverless.
Initially aimed at AWS Lambda-based serverless applications, the suite includes dynamic environment scanning, based on the OWASP Top Ten benchmarks, as well as resource mapping to uncover the relationships between all the resources in the environment.
It also delivers code scanning to automatically uncover new vulnerabilities in near real time and performs software composition analysis of open source libraries.
The platform then recommends least privilege policies before deployment and provides remediation suggestions for customer code, as well as ranking alerts from low to critical, based on the broader Contrast Security platform.
If you’re planning to take advantage of the speed and automation of serverless, you don’t want to be hamstrung by manual security processes. But you also don’t want to deploy applications that will be a security nightmare.
So, head here now, and find out how serverless doesn’t have to be security-less.
Sponsored by Contrast Security