As we’re all aware by now, Serverless doesn’t mean there are no servers. It also doesn’t mean we can completely forget they’re there.
Because our code still runs on computers, and those computers are normally in the cloud, we still have to think about security.
Our code will be vulnerable to attack just like any other code. Old favourites such as SQL injection, privilege escalation, etc. will still work if we’re not diligent.
As the industry grows, companies will spring up to fill in the gaps. One of those companies announced their presence at the recent AWS summit in California.
Normally you would protect your application not just with good coding practices, but with a firewall device with packet inspection and intrusion prevention capabilities. In a serverless architecture that layer is abstracted away from you, and is no longer something you can control.
Puresec promises a “Serverless Security Runtime Environment”, and it’s now available in Beta form for AWS Lambda. There’s a series of blog posts on their site to learn more, which I’ll now be doing.
You can include the SSRE library in your code as an import, and it can be trained to detect abnormal access patterns. It can then log that information into logfiles or onto a dashboard. When a malicious execution is detected, the SSRE intercepts it and stops your code from executing.
It’s also capable of detecting potential misconfigurations such as a database or blob with write-access where your code only requires read-access.
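To make the two behaviours described above concrete, here is a small sketch I’ve added (it is not PureSec’s SSRE code, and all class, function and resource names in it are my own assumptions): a guard that is first trained on normal resource accesses, then logs and intercepts anything outside that baseline before the handler continues, plus a check that flags write permissions in an IAM-style policy that the trained code never actually used.

```python
import functools
import logging

log = logging.getLogger("ssre-sketch")
WRITE_VERBS = ("Put", "Delete", "Update", "Write")  # assumed write-action prefixes

class AccessDenied(Exception):
    """Raised when an access falls outside the learned baseline in enforce mode."""

class RuntimeGuard:
    """Hypothetical stand-in for an SSRE-style library: learn, then log and intercept."""

    def __init__(self, mode="learn"):
        self.mode = mode       # "learn" records accesses; "enforce" blocks unseen ones
        self.baseline = set()  # (resource, action) pairs observed during training
        self.blocked = []      # accesses intercepted in enforce mode (for a dashboard)

    def access(self, resource, action):
        """Call before each resource access; returns True or raises AccessDenied."""
        key = (resource, action)
        if self.mode == "learn":
            self.baseline.add(key)
        elif key not in self.baseline:
            log.warning("abnormal access %s on %s; intercepting", action, resource)
            self.blocked.append(key)
            raise AccessDenied(key)
        return True

    def protect(self, handler):
        """Wrap a Lambda-style handler so an intercepted access stops execution."""
        @functools.wraps(handler)
        def wrapped(event, context):
            try:
                return handler(event, context)
            except AccessDenied as exc:
                resource, action = exc.args[0]
                return {"statusCode": 403, "body": "blocked %s on %s" % (action, resource)}
        return wrapped

def excess_write_grants(statements, baseline):
    """Flag write permissions in an IAM-style policy that training never saw used.
    statements: list of {"Action": [...], "Resource": "..."} (constructed shape)."""
    return [(s["Resource"], a) for s in statements for a in s["Action"]
            if a.split(":", 1)[-1].startswith(WRITE_VERBS)
            and (s["Resource"], a) not in baseline]
```

Run the handler in learn mode against normal traffic, switch `mode` to `"enforce"`, and any access the training never exercised is logged, recorded in `blocked` and turned into a 403 instead of reaching the backing store.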
As is common in the serverless world, Puresec is offering per-execution billing.