#api security #serverless #faas #csa #lambda #aws

Harden your Serverless API (DoS and Function Orchestration)

DoS attacks and their distributed versions are among the most disastrous consequences of poor API configuration. The dynamic and elastic nature of cloud services makes this type of attack highly insidious and resource-consuming. Similarly, simple mistakes in execution flow configuration can open numerous attack avenues that can be exploited without major effort. This post continues where the previous one left off. Let’s take a look.

Denial-of-Service (DoS) Attacks

Serverless architecture’s core features such as automated scalability and high availability present challenges that need to be overcome. ...

#api security #serverless #faas #csa #lambda #aws

Harden your Serverless API (Monitoring and Encryption)

In my previous post, we went over the basics of hardening the security of serverless functions. We highlighted the importance of good practices such as input validation, proper authentication, and fine-grained authorization. In this post, we will take a look at an additional set of best practices related to proper monitoring and logging, third-party dependency management, and sensitive information encryption.

Common Vulnerabilities And Their Mitigation (continued)

The next three items in the 12 Most Critical Risks for Serverless Applications published by the Cloud Security Alliance have to do with vulnerabilities related to lack of proper monitoring, improper dependency management, and poor secret management. ...

#api security #serverless #faas #csa #lambda #aws

Harden your Serverless API (The Basics)

Serverless Functions (SFs) changed the API game. Developers can build and deploy an API without any knowledge of infrastructure controls. No checks by a DevOps team, a security team, or other Enterprise IT groups that traditionally could control the launch of new business applications. Absolute, total freedom! Plus, gone are the days in which APIs were limited to HTTP events. Any cloud resource is now a potential API trigger that adds highly beneficial flexibility to design cloud-native applications. ...

#api security #authentication #authorization

API Security - Authentication and Authorization

Massive amounts of data are being transmitted using systems that are not designed for security from the ground up. Even private APIs will sooner or later be broken, exposed, or hacked. Therefore, a solid API security approach should be designed and implemented with public access in mind and it should involve not only the API itself but also the client applications that use it. This means that both enterprise and mobile client applications must be treated as first-class citizens when designing an API security solution. ...

#api #data product #data-driven #devops #docker

Streamline your data-driven API - The Power of Containers

In my previous post, I outlined the process to infuse DevOps in the development of a data-driven product. Next, we analyzed the process to create a development pipeline for data-driven projects in a repeatable and automatic way. This process also included testing capabilities in order to add an important feedback loop. We also analyzed the benefits of continuous delivery and the benefits of using managed cloud services to achieve this when compared to traditional tools and frameworks. ...

#api #DevOps

Streamlining your data-driven API - The Power of DevOps

In my previous post, I briefly mentioned several options to streamline the process to implement a data product. These options included managed cloud services specially designed to hide the complexity of low-level configurations while allowing their users to focus on business logic. While making use of these cloud services is already a huge leap toward a fully automated, streamlined, and cost-efficient implementation process, a lot needs to be done on the client’s side in order to provide a coherent flow between local development and highly automated cloud services. ...