From the course: Modern Cloud Security: Shift-Left, Observability, and Automated Defense
Serverless and API security
- [Instructor] Securing serverless architectures and APIs requires rethinking traditional security approaches. Serverless platforms like AWS Lambda remove the need to manage servers, but they introduce new challenges. Functions are short-lived, triggered by events such as an API call or file upload, and rely heavily on integrations with other cloud services. APIs, especially in serverless setups, act as gateways to your business logic, making them prime targets for attacks like brute-force logins, injection attacks, or denial of service. A key vulnerability in serverless is overprivileged functions. For example, a Lambda function with permissions to delete all S3 buckets could be exploited if hacked. APIs, on the other hand, risk exposing sensitive data if endpoints lack authentication or validate inputs poorly. The distributed nature of these technologies also complicates monitoring. How do you track a threat across dozens of ephemeral functions or API endpoints? Best practices…