Название: Learning Serverless Security: Hacking and Securing Serverless Cloud Applications on Aws, Azure and Google Cloud
Автор: Joshua Arvin Lat
Издательство: O’Reilly Media, Inc.
Год: 2026
Страниц: 646
Язык: английский
Формат: pdf, epub
Размер: 19.5 MB

Serverless computing now serves as a strategic backbone of modern cloud architectures, helping teams move faster and operate at scale. However, many still struggle to understand the security model of serverless computing. As more organizations migrate critical systems and sensitive data to the cloud using serverless architectures, this gap in serverless security knowledge increasingly exposes them to serious security incidents and data breaches.

This practical guide covers offensive and defensive security techniques to audit and secure serverless applications running on AWS, Azure, and Google Cloud. You'll explore how to attack and defend vulnerable serverless applications using step-by-step instructions. By the end of this book, you'll understand how to prevent various serverless application attacks and privilege escalation techniques.

In the last few years, more organizations around the world have started to embrace the serverless computing paradigm when building scalable and reliable applications in the cloud. Tooling and support for managing serverless applications across a variety of cloud platforms have significantly improved as well. To support the increased adoption of serverless computing services and architectures, cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud continue to push the limits of serverless computing through the addition of services and capabilities in their product offerings. That said, this increased adoption of serverless and cloud computing has also increased the risk of data breaches as more companies store their data in the cloud without having a solid understanding of serverless and cloud security.

Despite these trends, a big gap exists in serverless security knowledge and expertise. Security professionals are still catching up on the evolving set of techniques for hacking and securing serverless applications in the cloud. This book aims to bridge this gap by diving deeper into the offensive and defensive security strategies when dealing with modern serverless architectures.

Author Joshua Arvin Lat, chief technology officer at NuWorks Interactive Labs and an AWS AI Hero, shows you how to:

Identify and address vulnerabilities within modern serverless applications
Dive deeper into serverless security risks and threats
Explore privilege escalation techniques in vulnerable-by-design serverless lab environments
Configure authentication and identity services properly on AWS, Azure, and Google Cloud
Implement security strategies and best practices to prevent serverless application attacks
Audit serverless function code using security tools and strategies

Who Should Read This Book
This book is for security engineers, cloud engineers, developers, security architects, and penetration testers responsible for managing, auditing, and securing their cloud infrastructure. This book is targeted toward professionals with experience using cloud services who are planning to dive deeper into cloud and serverless security. You are expected to have a good understanding of the concepts of cloud computing and security. Basic knowledge of serverless computing and the fundamental services of AWS, Google Cloud, and Azure will help. Knowledge or experience using security tools is optional.