Learning Serverless Security. Hacking and Securing Serverless Cloud Applications on AWS, Azure, and Google Cloud Joshua Arvin Lat

Learning Serverless Security. Hacking and Securing Serverless Cloud Applications on AWS, Azure, and Google Cloud Joshua Arvin Lat - okladka książki

Autor:: Joshua Arvin Lat
Wydawnictwo:: O'Reilly Media (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 534
Dostępne formaty:: ePub

Mobi

Ebook

203,15 zł ~~239,00 zł~~ (-15%)

194,65 zł najniższa cena z 30 dni

Dodaj do koszyka lub Kup na prezent Kup 1-kliknięciem

Przenieś na półkę

Do przechowalni

Serverless computing now serves as a strategic backbone of modern cloud architectures, helping teams move faster and operate at scale. However, many still struggle to understand the security model of serverless computing. As more organizations migrate critical systems and sensitive data to the cloud using serverless architectures, this gap in serverless security knowledge increasingly exposes them to serious security incidents and data breaches.

This practical guide covers offensive and defensive security techniques to audit and secure serverless applications running on AWS, Azure, and Google Cloud. You'll explore how to attack and defend vulnerable serverless applications using step-by-step instructions. By the end of this book, you'll understand how to prevent various serverless application attacks and privilege escalation techniques.

Author Joshua Arvin Lat, chief technology officer at NuWorks Interactive Labs and an AWS AI Hero, shows you how to:

Identify and address vulnerabilities within modern serverless applications
Dive deeper into serverless security risks and threats
Explore privilege escalation techniques in vulnerable-by-design serverless lab environments
Configure authentication and identity services properly on AWS, Azure, and Google Cloud
Implement security strategies and best practices to prevent serverless application attacks
Audit serverless function code using security tools and strategies

O autorze książki

Joshua Arvin Lat is the Chief Technology Officer (CTO) of NuWorks Interactive Labs, Inc. He previously served as the CTO of three Australian-owned companies and also served as the Director for Software Development and Engineering for multiple e-commerce start-ups in the past, which allowed him to be more effective as a leader. Years ago, he and his team won first place in a global cybersecurity competition with their published research paper. He is also an AWS Machine Learning Hero and has shared his knowledge at several international conferences, discussing practical strategies on machine learning, engineering, security, and management.

Joshua Arvin Lat - pozostałe książki

Ebooka "Learning Serverless Security. Hacking and Securing Serverless Cloud Applications on AWS, Azure, and Google Cloud" przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Oceny i opinie klientów: Learning Serverless Security. Hacking and Securing Serverless Cloud Applications on AWS, Azure, and Google Cloud Joshua Arvin Lat

(0)

Szczegóły książki

ISBN Ebooka:: 978-10-981-4897-3, 9781098148973
Data wydania ebooka :: 2026-02-17 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@ebookpoint.pl.
Język publikacji:: angielski
Rozmiar pliku ePub:: 9.6MB
Rozmiar pliku Mobi:: 9.6MB

Zgłoś erratę

Kategorie

Kliknij, aby zgłosić błędnie przypisaną kategorię »

Informatyka » Hacking » Bezpieczeństwo systemów

Dostępność produktu

Produkt nie został jeszcze oceniony pod kątem ułatwień dostępu lub nie podano żadnych informacji o ułatwieniach dostępu lub są one niewystarczające. Prawdopodobnie Wydawca/Dostawca jeszcze nie umożliwił dokonania walidacji produktu lub nie przekazał odpowiednich informacji na temat jego dostępności.

Spis treści książki

Preface
- Who Should Read This Book
- Why I Wrote This Book
- Navigating This Book
- Conventions Used in This Book
- Using Code Examples
- OReilly Online Learning
- How to Contact Us
- Acknowledgments
1. Introduction to Serverless Computing
- Demystifying Serverless Computing
  - Embracing Serverless
  - Exploring Definitions and Serverless Use Cases
- Debunking Common Myths and Misconceptions
  - Myth 1: Serverless Means That No Servers Are Involved
  - Myth 2: Serverless Is Equivalent to FaaS
  - Myth 3: Serverless Is Offered Only by Cloud Providers
  - Myth 4: Serverless Is Suitable for Only Simple, Small-Scale Applications
  - Myth 5: Serverless Computing and Containerization Dont Work Well Together
  - Myth 6: Serverless Applications Support Only a Limited Number of Languages
  - Myth 7: Serverless Eliminates All Management and Operational Tasks
  - Myth 8: Serverless Platforms and Services Are Interchangeable, with No Differences
  - Myth 9: Serverless Applications Are Immune to Security Attacks
- Summary
2. Understanding Serverless Architectures and Implementation Patterns
- Cloud Services and Capabilities That Enable the Serverless Operational Model
  - Serverless Services, Features, and Capabilities on AWS
  - Serverless Services, Features, and Capabilities on Azure
  - Serverless Services, Features, and Capabilities on Google Cloud
- Common Building Blocks, Patterns, and Solutions for Serverless Architectures
  - Serverless Web Applications and APIs
  - Queue-Based Load Leveling Pattern
  - Gatekeeper Pattern
  - Fan-Out Pattern
  - Valet Key Pattern
  - Event-Driven Serverless Containers
  - Event-Driven File Processing
  - Functionless Integration Pattern
  - Federated Identity Pattern
  - Centralized Logging and Monitoring
- Summary
3. Diving Deeper into Serverless Security Threats and Risks
- Publicly Accessible Functions
- Misconfigured Cloud Storage Resources
- Leaked Credentials
- Insecure Storage of Credentials and Secret Keys
- Injection Attacks
- Over-Privileged Permissions and Roles
- Business Logic Vulnerabilities
- Insecure Network Configuration
- Insufficient Tracing, Logging, Monitoring, and Alerting
- Serverless Security Mechanism Limitations
- Compromised CI/CD Pipelines
- Broken Authentication
- Vulnerable Application Dependencies
- Denial of Service and Denial of Wallet
- Cross-Site Scripting
- API Gateway Security Misconfigurations
- Supply Chain Attacks
- Summary
4. Exploiting and Securing Exposed AWS IAM Credentials
- Reviewing Technical Prerequisites
- Understanding How AWS IAM Works
- Setting Up the Vulnerable-by-Design Serverless Lab Environment
  - Creating an IAM User with the AdministratorAccess Policy Attached
  - Creating Trails in CloudTrail to Capture API Calls Made in the Account
  - Configuring Bedrock Model Invocation Logging
  - Completing the Vulnerable Serverless AI-Powered Application
- Gaining Access via Exposed Credentials from Client-Side Code
- Disabling CloudTrail Logging to Evade Detection
- Creating a Backdoor IAM User with Administrator Privileges
- Simulating Unauthorized Bedrock Model Invocation from the Attacker Account
- Auditing the CloudTrail Logs and the Bedrock Model Invocation Logs
- Summary
5. Exploiting and Securing Misconfigured AWS IAM Roles
- Reviewing Technical Prerequisites
- Abusing AssumeRole for Privilege Escalation
  - Setting Up an Overly Permissive IAM Role
  - Setting Up IAM Groups and Users
  - Deploying a Lambda Function with an Overly Permissive IAM Role
  - Leveraging AssumeRole to Escalate Privileges
  - Establishing Persistence with New IAM User Credentials
- Escalating Privileges and Establishing Persistence Through an AWS Lambda Function with a Misconfigured IAM Role
  - Mitigating the AssumeRole Privilege Escalation Vulnerability
  - Reconfiguring the AWS CLI and Verifying That AssumeRole Can No Longer Be Used to Escalate Privileges
  - Abusing a Functions Overly Permissive Execution Role to Escalate Privileges
  - Establishing Persistence with New IAM User Credentials
  - Establishing Persistence via a Backdoored Lambda Version
- Summary
6. Hacking Publicly Accessible AWS Lambda Functions
- Reviewing Technical Prerequisites
- Preparing and Deploying a Vulnerable Serverless Web Application
  - Setting Up a Vulnerable AWS Lambda Function
  - Configuring an S3 Bucket for Static Website Hosting
- Testing for Common S3 Bucket Misconfigurations
- Using Code Injection Attacks to Execute Arbitrary Code in Lambda Functions
- Exfiltrating Sensitive Data via Code Injection and Outbound Network Access
  - Updating the Lambda Function with Limited Code Injection Safeguards
  - Setting Up the Server That Receives Exfiltrated Data
  - Attacking the Vulnerable Serverless Web Application
- Stealing Secrets Manager Secrets Through a Vulnerable Lambda Function
  - Storing Secrets in AWS Secrets Manager
  - Updating the Lambda Function Role Permissions for Accessing Secrets Manager
  - Updating the Lambda Function Code to Retrieve Secrets from Secrets Manager
  - Stealing Secrets Manager Secrets Through a Code Injection Attack
- Summary
7. Running and Securing Serverless Functions in a VPC
- Reviewing Technical Prerequisites
- Updating the Lambda Function Execution Role with the Required VPC Permissions
- Setting Up and Configuring a VPC with Restricted Outbound Access
- Attaching the Lambda Function to the VPC with Restricted Outbound Access
- Setting Up an API Gateway REST API That Routes Requests to the Lambda Function
- Updating the S3-Hosted Website to Use the API Gateway Endpoint URL
- Verifying That Code Injection Attacks Attempting Outbound Access No Longer Work
- Writing Secure Lambda Function Code to Defend Against Code Injection Attacks
- Summary
8. Hacking and Securing Google Cloud Storage Buckets
- Reviewing Technical Prerequisites
- Exploring Cloud Storage Bucket Security Misconfigurations
  - Setting Up a Vulnerable-by-Design Cloud Storage Bucket
  - Exploiting the Misconfigured Cloud Storage Bucket
  - Securing the Misconfigured Bucket
- Simulating a Dangling Bucket Takeover
  - Setting Up the Dangling Bucket
  - Executing the Bucket Takeover
- Enforcing Secure Bucket Configuration with Infrastructure as Code
  - Provisioning a Cloud Storage Bucket with IaC
  - Detecting and Remediating Configuration Drift
- Auditing IaC Configurations with Checkov
- Summary
9. Abusing Google Cloud Storage Event Triggers with Malicious File Uploads
- Reviewing Technical Prerequisites
- Preparing the Vulnerable-by-Design Google Cloud Lab Environment
  - Setting Up the Google Cloud Project
  - Creating a Parameter Manager Parameter
  - Setting Up the Cloud Storage Buckets
  - Deploying a Vulnerable Cloud Run Service
  - Completing the Vulnerable Event-Driven File Upload Service
  - Validating End-to-End Event-Driven Processing
- Exploiting a Cloud Run Service Through a Malicious File Upload
  - Setting Up a Reverse Shell Listener
  - Triggering a Reverse Shell with a Malicious File Upload
  - Exploring and Inspecting the Project Resources
- Summary
10. Setting Up Backdoors and Escalating Privileges in Google Cloud
- Reviewing Technical Prerequisites
- Setting a Lower Cloud Run Service Timeout
- Generating a Service Account Key Associated with the Compromised Cloud Run Service
- Configuring a Backdoor Service Account
- Further Reducing the Cloud Run Timeout and Restricting the Service Account Permissions
- Exploiting a Cloud Run Service Without a Reverse Shell
  - Setting Up a Local Server and a Tunnel That Receives Exfiltrated Data
  - Exfiltrating Environment Variables from a Cloud Run Service
  - Exfiltrating the Source Code from a Cloud Run Service
  - Exfiltrating Service Account Credentials from a Cloud Run Service
- Escalating Privileges Through a Cloud Run Function
- Escalating Privileges Through a Compute Engine VM Instance
- Summary
11. Hacking and Securing Azure Functions
- Reviewing Technical Prerequisites
- Setting Up and Deploying a Vulnerable-by-Design Serverless Function
- Exploiting the Vulnerable Serverless Function
- Storing Secrets in Azure Key Vault
- Abusing an Overly Permissive Managed Identity to Exfiltrate Key Vault Secrets
- Summary
12. Escalating Privileges in Microsoft Azure
- Reviewing Technical Prerequisites
- Updating the Function App Permissions
- Escalating Privileges Through an Overly Permissive Managed Identity
- Applying Least Privilege to the Function App Managed Identity
- Summary
13. Analyzing, Auditing, and Securing Serverless Application Code
- Reviewing Technical Prerequisites
- Using Semgrep to Detect Security Issues in Serverless Application Code
- Securing Serverless Application Code from Code Injection
- Developing a Custom Script That Detects Malicious Dependencies
- Using OSV-Scanner to Detect Vulnerable Packages
- Summary
Index

pokaż cały spis treści

O'Reilly Media - inne książki

Nowość Promocja

Data is at the center of many challenges in system design today. Difficult issues such as scalability, consistency, reliability, efficiency, and maintainability need to be resolved. In addition, there's an overwhelming variety of systems, including relational databases, NoSQL datastores, data warehouses, and data lakes. There are cloud services, on
- ebook
Designing Data-Intensive Applications. The Big Ideas Behind Reliable, Scalable, and Maintainable Systems. 2nd Edition

Martin Kleppmann, Chris Riccomini

(194,65 zł najniższa cena z 30 dni)

203.15 zł ~~239.00 zł (-15%)~~
Nowość Promocja

Cloud computing is no longer just a buzzword but a crucial skill set for today's professionals. The ability to navigate the complexities of cloud technologies and understand the Azure environment is a significant advantage. Whether you're starting your tech journey or looking to solidify your foundational knowledge, this study guide is your essenti
- ebook
Azure Fundamentals (AZ-900) Study Guide. In-Depth Guidance & Practice for Aspiring Cloud Engineers

Jack Lee

(160,65 zł najniższa cena z 30 dni)

169.14 zł ~~199.00 zł (-15%)~~
Nowość Promocja

On today's web, performance isn't just a nice-to-have—it's essential. A slow or unstable experience drives users away, while a fast, reliable one builds trust and keeps them engaged. Web Performance Engineering in the Age of AI is a comprehensive, hands-on guide for developers, technical leads, and performance engineers focused on delivering high-i
- ebook
Web Performance Engineering in the Age of AI. Mastering Speed and Quality for AI-Generated Applications

Addy Osmani

(194,65 zł najniższa cena z 30 dni)

203.15 zł ~~239.00 zł (-15%)~~
Nowość Promocja

As cyberthreats grow and infrastructure evolves, organizations must prioritize effective, dynamic, and adaptable incident response. Following the success of the original edition, Blue Team Handbook: Incident Response has been updated to reflect today's evolving cybersecurity landscape. This trusted and widely used field guide for cybersecurity inci
- ebook
Blue Team Handbook: Incident Response

Don Murdoch

(177,65 zł najniższa cena z 30 dni)

186.15 zł ~~219.00 zł (-15%)~~
Nowość Promocja

The software engineering landscape is constantly evolving, and the demands on engineers intensify with each technological and methodological shift. In such an environment, being a good coder isn't enough—true effectiveness goes beyond technical skills. This book is designed as a guide for individual contributors who want to level up to meet the cha
- ebook
The Effective Software Engineer. How ICs at Every Level Can Leverage AI, Prioritize High-Value Work, and Lead Beyond Their Role

Addy Osmani

(109,65 zł najniższa cena z 30 dni)

118.15 zł ~~139.00 zł (-15%)~~
Nowość Promocja

With the rise of autonomous agents, the question is no longer "How do we build agents?" but rather, "How do we manage an entire ecosystem of them?" This book explores the next frontier of this technology, where interconnected agents collaborate, transact, and fulfill tasks autonomously. Building on established concepts like API service mesh and dat
- ebook
Agentic Mesh. The GenAI-Powered Autonomous Agent Ecosystem

Eric Broda, Davis Broda

(211,65 zł najniższa cena z 30 dni)

228.65 zł ~~269.00 zł (-15%)~~
Nowość Promocja

Questo lavoro č stato tradotto utilizzando l'AI. Siamo lieti di ricevere il tuo feedback e i tuoi commenti: translation-feedback@oreilly.com I recenti progressi nell'intelligenza artificiale non solo hanno fatto crescere la domanda di prodotti AI, ma hanno anche reso piů facile per chiunque voglia creare prodotti AI. L'approccio "model-
- ebook
Ingegneria dell'intelligenza artificiale (Italian Edition). Costruire applicazioni con i modelli di fondazione

Chip Huyen

(211,65 zł najniższa cena z 30 dni)

228.65 zł ~~269.00 zł (-15%)~~
Nowość Promocja

Ransomware attacks are no longer a question of if—they're a matter of when. With hackers increasingly targeting backup and disaster recovery (DR) systems, organizations need more than prevention strategies; they need a battle-tested plan for minimizing damage, forensically determining what's happened, and restoring their environment without paying
- ebook
Learning Ransomware Response & Recovery. Stopping Ransomware One Restore at a Time

W. Curtis Preston, Michael Saylor

(119,40 zł najniższa cena z 30 dni)

169.14 zł ~~199.00 zł (-15%)~~
Nowość Promocja

In today's AI landscape, success depends not just on prompting large language models but on orchestrating them into intelligent systems that are scalable, compliant, and cost-effective. GenAI on Google Cloud is your hands-on guide to bridging that gap. Whether you're an ML engineer or an enterprise leader, this book offers a practical game plan for
- ebook
GenAI on Google Cloud. Enterprise Generative AI Systems and Agents

Ayo Adedeji, Lavi Nigam, Sarita Joshi

(161,40 zł najniższa cena z 30 dni)

228.65 zł ~~269.00 zł (-15%)~~

Zamknij

Learning Serverless Security. Hacking and Securing Serverless Cloud Applications on AWS, Azure, and Google Cloud Joshua Arvin Lat

Najczęściej kupowane razem

Opis książki : Learning Serverless Security. Hacking and Securing Serverless Cloud Applications on AWS, Azure, and Google Cloud