OWASP & Serverless Application Security

Difficulty: Intermediate
Duration: 5 minutes and 55 seconds
Students: 1,731
Rating: 4.6/5

As more and more organizations are moving towards a serverless or Function as a Service (FaaS) architecture and framework, understanding how this affects security is essential.  There are both pros and cons to implementing a serverless solution from a security perspective. This lesson will look at both the benefits and the negatives when adopting a FaaS solution and how this affects the safeguarding of your data.  

Most people have a deeper understanding of IaaS security, but some of the secure methods used within IaaS are not required within FaaS and vice versa.  There are also a number of security threats and concerns which affect both FaaS and IaaS architectures which will also be discussed.  
Towards the end of the lesson, it explains how serverless is impacted by the OWASP (Open Web Application Security Project) top 10 list of vulnerabilities.

Learning Objectives

By the end of this lesson, you will

  • Understand and be able to distinguish between the pros and cons of serverless security
  • Understand where to focus additional security controls in a FaaS solution
  • Have a general overview of how security differs to that of a typical IaaS solution

Intended Audience

This content in this lesson would be beneficial to:

  • Engineers who are focused on delivering secure serverless solutions within an enterprise environment
  • Security architects looking to enhance their knowledge of FaaS solutions
  • Developers deploying applications within a serverless environment


As a prerequisite of this lesson you should have a basic knowledge and awareness of the following:

  • A general understanding of what Serverless means
  • Understand what FaaS and IaaS relates to
  • A basic awareness of different attack vectors, such as DoS
  • AWS Lambda
  • Amazon Cognito
  • Amazon API Gateway
  • Security controls within IAM


Covered Topics