Episode 56 — Secure serverless architectures by understanding their real attack surfaces

This episode introduces serverless security by focusing on what changes compared to traditional compute: you manage less infrastructure, but you rely more heavily on identity, event inputs, and managed service integrations, which the GPCS exam treats as primary attack surfaces. You’ll define serverless functions, managed runtimes, and event-driven execution, then map the real risks: overly permissive function identities, exposed invocation paths, unsafe dependencies, secrets in environment variables, and weak logging that hides short-lived execution.

We’ll use a scenario where a function is triggered by an external-facing event source and processes untrusted input, and you’ll trace how attackers can exploit input handling to access sensitive data or misuse downstream permissions. You’ll also learn how to think about boundaries in serverless: what the function can reach, what can reach the function, and what evidence exists to prove how it was used during an incident.

Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.