Serverless computing now serves as a strategic backbone of modern cloud architectures, helping teams move faster and operate at scale. However, many still struggle to understand the security model of serverless computing. As more organizations migrate critical systems and sensitive data to the cloud using serverless architectures, this gap in serverless security knowledge increasingly exposes them to serious security incidents and data breaches.

This practical guide covers offensive and defensive security techniques to audit and secure serverless applications running on AWS, Azure, and Google Cloud. You’ll explore how to attack and defend vulnerable serverless applications using step-by-step instructions. By the end of this book, you’ll understand how to prevent various serverless application attacks and privilege escalation techniques.

Author Joshua Arvin Lat, chief technology officer at NuWorks Interactive Labs and an AWS AI Hero, shows you how to:
Identify and address vulnerabilities within modern serverless applications
Dive deeper into serverless security risks and threats
Explore privilege escalation techniques in vulnerable-by-design serverless lab environments
Configure authentication and identity services properly on AWS, Azure, and Google Cloud
Implement security strategies and best practices to prevent serverless application attacks
Audit serverless function code using security tools and strategies