21 percent of open source serverless applications have critical vulnerabilities

Serverless computing is increasingly popular because it eliminates infrastructure concerns. However, a new report raises worries about its security. According to an audit by serverless security company PureSec, more than one in five serverless applications has critical security vulnerabilities. An evaluation of 1,000 open-source serverless projects conducted by the PureSec threat research team finds that 21 percent of them contain one or more critical vulnerabilities or misconfigurations, which could allow attackers to manipulate the application and perform malicious actions. Six percent of the projects even had application secrets, such as API keys or credentials, posted in their publicly accessible code… [Continue Reading]