A recent audit revealed that more than one in five serverless applications have critical security vulnerabilities. Business World brought this information to our attention in their article, “21 percent of Open Source Serverless Applications have Critical Vulnerabilities.”
An evaluation of 1,000 open-source serverless projects found that 21 percent of them contain one or more critical vulnerabilities or misconfigurations. These flaws could allow attackers to manipulate the application and perform malicious actions.
“To vet their definition, they’ve collected a sampling of roughly 1000 functions deployable within AWS Lambda,” said Tim Mackey, technical evangelist for Black Duck by Synopsys. “These functions were written in a variety of languages and their findings showed, in the aggregate, 21 percent contained at least one of the security risks identified by their ‘FaaS top 10’ taxonomy.”
Given the security-sensitive nature of API execution, recent media coverage of data breaches also demonstrates that anyone consuming an API should be aware of how any data presented will be used and potentially stored.
Melody K. Smith