Simuna Infosec
Technical

Serverless Function Security Testing: AWS Lambda, Azure Functions, Google Cloud Functions for Thai Organizations

Serverless architectures shift the security model. This article covers testing event triggers, function permissions, and inter-service communication, with guidance for the Thai market.

Serverless functions shift security responsibility: the cloud provider manages the runtime, but function code, permissions, event triggers, and data handling remain the developer's responsibility. Security testing covers: function permission scope (does each function have minimum necessary IAM permissions?), event trigger security (can unauthorised sources trigger functions?), environment variable management (secrets in plain text?), inter-function communication security, cold start timing attacks, dependency vulnerabilities in function packages, and output encoding to prevent injection through downstream services.
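Three of the checks listed above (permission scope, trigger exposure, plaintext secrets) written out for AWS Lambda as an added Python example, not code from the article. The sample policies, account ID, and the secret-name heuristic are constructed assumptions.

```python
import re

# Constructed sample input, all values made up. Shapes follow AWS IAM policy
# JSON and a Lambda function's environment variable map.
ROLE_POLICY = {"Statement": [
    {"Sid": "Logs", "Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
     "Resource": "arn:aws:logs:ap-southeast-1:111122223333:log-group:/aws/lambda/orders:*"},
    {"Sid": "Data", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
RESOURCE_POLICY = {"Statement": [
    {"Sid": "ApiGw", "Effect": "Allow", "Principal": {"Service": "apigateway.amazonaws.com"},
     "Action": "lambda:InvokeFunction", "Condition": {"ArnLike": {
         "AWS:SourceArn": "arn:aws:execute-api:ap-southeast-1:111122223333:abc123/*"}}},
    {"Sid": "Open", "Effect": "Allow", "Principal": "*", "Action": "lambda:InvokeFunction"}]}
ENVIRONMENT = {"TABLE_NAME": "orders", "DB_PASSWORD": "constructed-example-value",
               "API_TOKEN_ARN": "arn:aws:secretsmanager:ap-southeast-1:111122223333:secret:orders"}

# Heuristic (assumption of this example): names like these usually hold credentials.
SECRET_NAME = re.compile(r"secret|passw(or)?d|token|api_?key", re.I)

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_role_policy(policy):
    """Permission scope: flag Allow statements with wildcard actions or resources."""
    findings = []
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        findings += [f"{st['Sid']}: wildcard action {a}"
                     for a in as_list(st.get("Action", [])) if a == "*" or a.endswith(":*")]
        if "*" in as_list(st.get("Resource", [])):
            findings.append(f"{st['Sid']}: wildcard resource")
    return findings

def audit_resource_policy(policy):
    """Trigger security: flag invoke grants to any principal with no Condition."""
    findings = []
    for st in as_list(policy["Statement"]):
        who = st.get("Principal")
        anyone = who == "*" or (isinstance(who, dict) and "*" in as_list(who.get("AWS", [])))
        if st.get("Effect") == "Allow" and anyone and not st.get("Condition"):
            findings.append(f"{st['Sid']}: invocable by any principal")
    return findings

def audit_environment(env):
    """Secrets: flag secret-looking names unless the value is a Secrets Manager ARN."""
    return [k for k, v in env.items()
            if SECRET_NAME.search(k) and not v.startswith("arn:aws:secretsmanager:")]
```

For a real function, the resource policy comes from `aws lambda get-policy` (returned as a JSON string that must be parsed first) and the variables from `aws lambda get-function-configuration` under `Environment.Variables`.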