{"id":41946,"date":"2021-07-08T00:00:00","date_gmt":"2021-07-08T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/devops\/21\/g\/security-for-aws-lambda-serverless-applications.html"},"modified":"2021-07-08T00:00:00","modified_gmt":"2021-07-08T00:00:00","slug":"security-for-aws-lambda-serverless-applications-threat-researcher","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/","title":{"rendered":"Security for AWS Lambda Serverless Applications Threat Researcher"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/cloud-one-application-security-protection-for-serverless-applications.png\"> <body class=\"articlepage page basicpage context-business context-devops\" id=\"readabilityBody\" readability=\"51.013919709502\"> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"96292643\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"9\">\n<div class=\"article-details\" role=\"heading\" readability=\"38\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Serverless Security<\/p>\n<p class=\"article-details__description\">Serverless computing is another beautiful cloud-based advancement for developers. But, like all applications, proper security is required to maximize the benefits. Learn more in this article.<\/p>\n<p class=\"article-details__author-by\">By: Yash Verma <time class=\"article-details__date\">July 08, 2021<\/time><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"39.090954274354\">\n<div readability=\"25.095427435388\">\n<p>Serverless computing is another beautiful cloud-based advancement for developers. But, like all applications, the proper security is required to maximize the benefits. 
What good is the newest, shiniest sports car if the gas tank is empty and you can\u2019t drive it?<\/p>\n<p>This article will demonstrate how to use Application Security to protect your serverless application from several of the <a href=\"https:\/\/owasp.org\/www-project-serverless-top-10\/\" target=\"_blank\" rel=\"noopener\">OWASP Serverless Top 10 threats<\/a>. For the purpose of this demo, you will need a Trend Micro Cloud One\u2122 account. You can start your free trial <a href=\"https:\/\/cloudone.trendmicro.com\/\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n<p><span class=\"body-subhead-title\"><u>Serverless Application Used for Attack Demo<\/u><\/span><\/p>\n<p>For our attack demo, we will be using the AWS Lambda serverless application known as ServerlessGoat. This application is deliberately insecure and maintained by OWASP. It is a Microsoft Word .doc to plain text converter service: it receives the URL of a .doc file as input and returns the text inside the document to the API caller. Here is the architecture for the application on Amazon Web Services (AWS):<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image1.png\" alt=\"architecture\"> <\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"35.5\">\n<div readability=\"16\">\n<p>Please note that this application is vulnerable to several kinds of attacks. Do not deploy it in any AWS production account; use an isolated, throwaway account instead.<\/p>\n<p>Let\u2019s start with setting up Application Security with ServerlessGoat:<\/p>\n<p><span class=\"body-subhead-title\"><u>Application Security Integration with ServerlessGoat<\/u><\/span><\/p>\n<p>1. Deploy the application from the AWS Serverless Application Repository. 
In your Lambda application, list all the Lambda functions that you want to protect.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image2.png\" alt=\"lambda_function\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35.899451553931\">\n<div readability=\"17.703839122486\">\n<p>2. Now, let&#8217;s instrument these Lambda functions. Click on the Lambda function to open the code pane and wrap the handler with the snippet for the runtime in use. In this case, the runtime is Node.js. Please refer to <a href=\"https:\/\/cloudone.trendmicro.com\/docs\/application-security\/aws-lambda-with-official-runtimes\/\" target=\"_blank\" rel=\"noopener\">this link<\/a> for other languages.<\/p>\n<p><span class=\"pre\">\/\/ Load the Application Security agent (shipped via the Lambda layer added in step 3)<br \/>var trend_app_protect = require('trend_app_protect');<br \/>var _handler = async (event) =&gt; {<br \/>&nbsp; &nbsp; \/\/ Your application code here<br \/>&nbsp; &nbsp; return {<br \/>&nbsp; &nbsp; &nbsp; statusCode: 200,<br \/>&nbsp; &nbsp; &nbsp; body: 'Hello from Lambda',<br \/>&nbsp; &nbsp; };<br \/>};<br \/>\/\/ Export the wrapped handler so every invocation passes through the agent<br \/>exports.handler = trend_app_protect.api.aws_lambda.protectHandler(_handler);<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image3.png\" alt=\"code-source\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"30.074626865672\">\n<div readability=\"9.2537313432836\">\n<p>You can use AWS <a 
href=\"https:\/\/cloudone.trendmicro.com\/docs\/application-security\/aws-lambda-with-custom-runtimes\/#add-security-without-code-change-to-aws-lambda-functions\" target=\"_blank\" rel=\"noopener\">custom runtimes<\/a> instead, which avoids changing any code in the Lambda function.<\/p>\n<p>3. Add the Application Security layer ARN to your function by clicking <b>Add layer<\/b> and choosing the following option:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image4.png\" alt=\"add-layer\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"44.930458970793\">\n<div readability=\"35.549374130737\">\n<p>For the layer ARN matching your region and runtime, refer to <a href=\"https:\/\/cloudone.trendmicro.com\/docs\/application-security\/downloads\" target=\"_blank\" rel=\"noopener\">this link<\/a>.<\/p>\n<p>4. 
<b>Go to the Configuration tab and add the following environment variables:<\/b><\/p>\n<p><span class=\"rte-legal-text\">TREND_AP_KEY: &lt; key from Application Security Dashboard after creating a group &gt;<\/span><\/p>\n<p><span class=\"rte-legal-text\">TREND_AP_SECRET: &lt; secret from Application Security Dashboard after creating a group &gt;<\/span><\/p>\n<p><span class=\"rte-legal-text\">TREND_AP_READY_TIMEOUT: 30<\/span><\/p>\n<p><span class=\"rte-legal-text\">TREND_AP_TRANSACTION_FINISH_TIMEOUT: 10<\/span><\/p>\n<p><span class=\"rte-legal-text\">TREND_AP_MIN_REPORT_SIZE: 1<\/span><\/p>\n<p><span class=\"rte-legal-text\">TREND_AP_INITIAL_DELAY_MS: 1<\/span><\/p>\n<p><span class=\"rte-legal-text\">TREND_AP_MAX_DELAY_MS: 100<\/span><\/p>\n<p><span class=\"rte-legal-text\">TREND_AP_HTTP_TIMEOUT: 5<\/span><\/p>\n<p><span class=\"rte-legal-text\">TREND_AP_PREFORK_MODE: False<\/span><\/p>\n<p><span class=\"rte-legal-text\">TREND_AP_CACHE_DIR: \/tmp\/trend_cache<\/span><\/p>\n<p><span class=\"rte-legal-text\">TREND_AP_LOG_FILE: STDERR<\/span><\/p>\n<p>If you use the custom-runtime (layer-only) approach, only TREND_AP_KEY and TREND_AP_SECRET are required; the remaining variables are optional tuning. Keep in mind that the key and secret are themselves credentials stored in plaintext environment variables, visible to anything that can read the function\u2019s environment (exactly what the <span class=\"rte-legal-text\">env<\/span> payload later in this demo does), so scope them to a dedicated group and rotate them if the function is compromised.<\/p>\n<p>5. In <b>General Configuration<\/b>, increase <b>Timeout<\/b> to at least 120 seconds.<br \/>&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image5.png\" alt=\"general-config\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35.5\">\n<div readability=\"16\">\n<p>You can also bake these changes (layer, environment variables, timeout) into the deployment package of your serverless application, for example its SAM template, so the protection is in place from the first deployment rather than added by hand afterwards.<\/p>\n<p>6. Deploy your application and go to the Application Security console. 
Send a simple HTTP request to the hosted serverless application, or open it in your browser, to activate the agent.<\/p>\n<p>7. Now, you should see the function reporting in on the Application Security console. The status should turn from grey to green.<br \/>&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image6.png\" alt=\"lambda-serverless-goat\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<div readability=\"9\">\n<p>8. When any protection module enabled in the Application Security console fires, the status changes to <b>Attacks Ongoing<\/b> and the color changes to red.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image7.png\" alt=\"attack-status\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"39.5\">\n<div readability=\"24\">\n<p><u><span class=\"body-subhead-title\">Proof of Concept Demo<\/span><\/u><\/p>\n<p>Now that Application Security is up and running on the deliberately vulnerable application, we\u2019ll take a look at what types of attacks it will find. For the purpose of this demo, Application Security is kept in detect mode, so every attack below is reported but still succeeds. You can also opt for block mode, which rejects the requests it classifies as attacks instead of only reporting them.<\/p>\n<p><b>1. Information Gathering<\/b><\/p>\n<p>a. The API endpoint has a very predictable URL format: https:\/\/{string}.execute-api.{region}.amazonaws.com\/{stage}\/<\/p>\n<p>b. 
Sending a simple GET request to the API endpoint gives us valuable information and confirms that the application sits behind Amazon API Gateway.<\/p>\n<p>If the application is exposed through Amazon API Gateway, the HTTP response headers might contain header names such as:<span class=\"rte-legal-text\">&nbsp;x-amz-apigw-id,&nbsp;x-amzn-requestid,&nbsp;x-amzn-trace-id<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image8.png\" alt=\"burp-suite\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"42.000534188034\">\n<div readability=\"29.647435897436\">\n<p>c. In the above response, we can also see the stack trace, which shows that the application lives in the <b>\/var\/task directory<\/b>, where Lambda unpacks the deployment package before running it. We also see the string <span class=\"rte-legal-text\">_handler<\/span>, which follows a very common naming convention for serverless functions (the exported function is called <span class=\"rte-legal-text\">handler<\/span> and is defined inside <span class=\"rte-legal-text\">index.js<\/span>). A stack trace in an API response is an information leak in its own right: it confirms the platform, the runtime and the file layout before a single exploit has been attempted.<\/p>\n<p>OWASP Serverless Top 10 Vulnerability: <b>Improper exception handling and verbose error messages (SAS-10)<\/b><\/p>\n<p>Detections: <b>No<\/b><\/p>\n<p><b>2. Exposing and Reverse Engineering the Lambda Function<\/b><\/p>\n<p>Next, we will try to gain access to the source code of the Lambda function in order to reverse engineer it and discover additional weaknesses. For this demo, we will check whether the function is vulnerable to operating system (OS) command injection.<\/p>\n<p>a. 
First, we will blindly probe for OS command injection with a common time-based technique: append a shell <span class=\"rte-legal-text\">sleep<\/span> command to an otherwise valid document URL (the demo uses <span class=\"rte-legal-text\">https:\/\/www.presec.io\/hubfs\/document.doc;<\/span> as the prefix, the semicolon ending the intended command). If the input reaches a shell, the response is delayed by the sleep duration.<br \/>&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image9.png\" alt=\"sleep-shell\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.390243902439\">\n<div readability=\"10.463414634146\">\n<p>There was a slight delay, but a single slow response is not proof (cold starts and network jitter look the same), so we have to be sure.<\/p>\n<p>b. Increase the sleep time so it exceeds the Lambda function\u2019s configured timeout and check whether the request now fails with an error (which is what we want): a timeout that tracks our sleep value can only be explained by the command actually running.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image10.png\" alt=\"error\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34.5\">\n<div readability=\"14\">\n<p>Now, after a long delay, we can see the error.<\/p>\n<p>c. This validates that OS command injection works through the <b>'documenturl'<\/b> parameter. Now, we can dig deeper using it.<\/p>\n
<p>Insert the payload &#8220;<span class=\"rte-red-text\">https:\/\/foobar; cat \/var\/task\/index.js #<\/span>&#8221; in the parameter. The semicolon terminates the command the developer intended to run and the trailing # comments out anything appended after our input.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image11.png\" alt=\"foobar\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.5\">\n<div readability=\"8\">\n<p>Press submit. The response now contains the Lambda function\u2019s source code.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image12.png\" alt=\"lambda-code\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<div readability=\"9\">\n<p>d. There&#8217;s a lot that can be learned from the source code:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">The application uses Amazon DynamoDB (a NoSQL database).<\/span><\/li>\n<li><span class=\"rte-red-bullet\">The application uses a Node.js package called node-uuid.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">The application stores sensitive user information (the caller\u2019s IP address and the document URL) inside the DynamoDB table. The table name is defined in the TABLE_NAME environment variable.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">The root cause of the OS command injection is that untrusted user input is passed into a child_process.execSync() call, which runs it through a shell.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">The output of API invocations is stored inside an Amazon Simple Storage Service (S3) bucket. 
The bucket name is stored inside an environment variable: BUCKET_NAME.<\/span><\/li>\n<\/ul>\n<p><u>OWASP Serverless Top 10 Vulnerability<\/u>: <b>Function Event-Data Injection (SAS-1)<\/b><\/p>\n<p><u>Detections<\/u>: <b>Yes<\/b><br \/>&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image13.png\" alt=\"high\"> <\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image14.png\" alt=\"high2\"> <\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image15.png\" alt=\"high3\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"29.813793103448\">\n<div readability=\"9.9379310344828\">\n<p><u>Module<\/u>: <b>Remote Code Execution<\/b><\/p>\n<p><b>3. Digging for Gold Inside Environment Variables<\/b><\/p>\n<p>a. Put the following payload in the input: &#8220;<span class=\"rte-red-text\">https:\/\/foobar; env #<\/span>&#8221;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image16.png\" alt=\"foobar2\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33.5\">\n<div readability=\"12\">\n<p>If you see the output, there\u2019s some very juicy information here. 
The three variables <b>AWS_ACCESS_KEY_ID<\/b>, <b>AWS_SECRET_ACCESS_KEY<\/b> and <b>AWS_SESSION_TOKEN<\/b> are the temporary AWS Identity and Access Management (IAM) credentials of the function\u2019s execution role, which Lambda injects into every function\u2019s environment. By grabbing them, we can use the function\u2019s role from our own machine with the AWS Command Line Interface (CLI) until the session expires.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image17.png\" alt=\"cli\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"41.5\">\n<div readability=\"28\">\n<p>b. Use the function\u2019s role from the AWS CLI by exporting the three values (no spaces around the equals sign, or the shell treats <span class=\"rte-legal-text\">export<\/span> as having three arguments):<\/p>\n<p><span class=\"blockquote\">export AWS_ACCESS_KEY_ID=&quot;&#8230;&quot;<br \/>export AWS_SECRET_ACCESS_KEY=&quot;&#8230;&quot;<br \/>export AWS_SESSION_TOKEN=&quot;&#8230;&quot;<br \/><\/span><\/p>\n<p>Next, you can verify that you are indeed using the function&#8217;s role, locally, by running: <span class=\"rte-legal-text\">aws sts get-caller-identity<\/span>.<\/p>\n<p>This should return the following:<\/p>\n<p><span class=\"blockquote\">{<br \/>&nbsp; &nbsp;&quot;UserId&quot;: &quot;xxxxxxxxx&quot;,<br \/>&nbsp; &nbsp;&quot;Account&quot;: &quot;xxxxxxxxxx&quot;,<br \/>&nbsp; &nbsp;&quot;Arn&quot;: &quot;arn:aws:sts::xxxxxxxxxxxx:assumed-role\/aws-serverless-repository-serv-FunctionConvertRole-xxxxxxxx\/aws-serverless-repository-serverle-FunctionConvert-xxxxxxxxxx&quot;<br \/>}<\/span><\/p>\n<p>It&#8217;s clear that we are now running under the assumed role of the function, from outside the Lambda sandbox.<\/p>\n<p><u>OWASP Serverless Top 10<\/u> Vulnerability: <b>Insecure Application Secrets Storage (SAS-7)<\/b><\/p>\n<p><u>Detections<\/u>: <b>Yes<\/b><br \/>&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" 
src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image18.png\" alt=\"detection-yes\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"44\">\n<div readability=\"33\">\n<p><u>Module<\/u>: <b>Remote Code Execution<\/b><\/p>\n<p><b>4. Exploiting Over-Privileged IAM Roles<\/b><\/p>\n<p>a. We can infer from the Lambda code that the developer inserts the client&#8217;s IP address and the document URL into the DynamoDB table using the <span class=\"rte-legal-text\">put()<\/span> method of <span class=\"rte-legal-text\">AWS.DynamoDB.DocumentClient<\/span>. In a secure system, the permissions granted to the function should be least-privileged and minimal: here, only <span class=\"rte-legal-text\">dynamodb:PutItem<\/span> on that one table.<\/p>\n<p>However, when the developer chose the DynamoDBCrudPolicy template provided by the AWS Serverless Application Model (SAM), they granted the function the following permissions:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">dynamodb:GetItem<\/span><\/li>\n<li><span class=\"rte-red-bullet\">dynamodb:DeleteItem<\/span><\/li>\n<li><span class=\"rte-red-bullet\">dynamodb:PutItem<\/span><\/li>\n<li><span class=\"rte-red-bullet\">dynamodb:Scan<\/span><\/li>\n<li><span class=\"rte-red-bullet\">dynamodb:Query<\/span><\/li>\n<li><span class=\"rte-red-bullet\">dynamodb:UpdateItem<\/span><\/li>\n<li><span class=\"rte-red-bullet\">dynamodb:BatchWriteItem<\/span><\/li>\n<li><span class=\"rte-red-bullet\">dynamodb:BatchGetItem<\/span><\/li>\n<li><span class=\"rte-red-bullet\">dynamodb:DescribeTable<\/span><\/li>\n<\/ul>\n<p>These permissions turn the OS command injection into a data-exfiltration path: with <span class=\"rte-legal-text\">dynamodb:Scan<\/span> we can read the entire DynamoDB table from inside the function, and with <span class=\"rte-legal-text\">dynamodb:DeleteItem<\/span> or <span class=\"rte-legal-text\">BatchWriteItem<\/span> we could also destroy it.<\/p>\n
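A cheap way to catch this before an attacker does is to diff what the role grants against what the code actually calls. The following JavaScript is an added example (not ServerlessGoat's, AWS SAM's or Trend Micro's code): it takes an IAM policy document, expands any wildcards against a small catalogue of DynamoDB actions, and reports the actions that exceed the single `dynamodb:PutItem` the `put()` call needs, flagging those that allow table contents to be read. The CRUD policy is constructed from the action list above; the table ARN, the action catalogue and the wildcard case are assumptions for illustration.

```javascript
'use strict';
// Added example, not ServerlessGoat's, AWS SAM's or Trend Micro's code.
// Audits an IAM policy document against the actions a function really needs.

// Constructed sample: the CRUD-style statement listed above. The ARN is assumed.
const TABLE_ARN = 'arn:aws:dynamodb:us-east-1:123456789012:table/ExampleTable';
const CRUD_POLICY = {
  Version: '2012-10-17',
  Statement: [{
    Effect: 'Allow',
    Action: [
      'dynamodb:GetItem', 'dynamodb:DeleteItem', 'dynamodb:PutItem',
      'dynamodb:Scan', 'dynamodb:Query', 'dynamodb:UpdateItem',
      'dynamodb:BatchWriteItem', 'dynamodb:BatchGetItem', 'dynamodb:DescribeTable',
    ],
    Resource: TABLE_ARN,
  }],
};
// What the function's single DocumentClient.put() call actually needs.
const LEAST_PRIVILEGE_POLICY = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Action: 'dynamodb:PutItem', Resource: TABLE_ARN }],
};
const REQUIRED = new Set(['dynamodb:PutItem']);

// Partial catalogue used to expand wildcards such as "dynamodb:*". Assumption:
// a real audit would load the full service action list.
const KNOWN_ACTIONS = [
  'dynamodb:GetItem', 'dynamodb:DeleteItem', 'dynamodb:PutItem', 'dynamodb:Scan',
  'dynamodb:Query', 'dynamodb:UpdateItem', 'dynamodb:BatchWriteItem',
  'dynamodb:BatchGetItem', 'dynamodb:DescribeTable', 'dynamodb:ListTables',
  'dynamodb:CreateTable', 'dynamodb:DeleteTable', 'dynamodb:UpdateTable',
];
// Any of these lets a caller read table contents, which is what turns a
// command-injection foothold into data exfiltration.
const DATA_READ_ACTIONS = new Set([
  'dynamodb:Scan', 'dynamodb:Query', 'dynamodb:GetItem', 'dynamodb:BatchGetItem',
]);

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}
// IAM action matching is case-insensitive and "*" matches any run of characters.
function expandAction(pattern) {
  const re = new RegExp('^' + pattern.split('*').map(escapeRegExp).join('.*') + '$', 'i');
  return KNOWN_ACTIONS.filter((a) => re.test(a));
}
// Statement and Action may each be a single value or a list in IAM JSON.
function asList(x) {
  return [].concat(x || []);
}

// Returns the granted, excess and missing actions relative to `required`.
// Simplification: only Allow statements are considered; Deny, Condition and
// Resource scoping are ignored, so the result over-approximates what is granted.
function auditPolicy(policy, required) {
  const granted = new Set();
  for (const st of asList(policy.Statement)) {
    if (st.Effect !== 'Allow') continue;
    for (const pattern of asList(st.Action)) {
      for (const action of expandAction(pattern)) granted.add(action);
    }
  }
  const excess = [...granted].filter((a) => !required.has(a)).sort();
  const missing = [...required].filter((a) => !granted.has(a)).sort();
  return {
    granted: [...granted].sort(),
    excess,
    missing,
    exfiltrationCapable: excess.some((a) => DATA_READ_ACTIONS.has(a)),
    leastPrivilege: excess.length === 0 && missing.length === 0,
  };
}
```

Running `auditPolicy(CRUD_POLICY, REQUIRED)` lists eight excess actions, `dynamodb:Scan` among them, and marks the role as exfiltration-capable; `auditPolicy(LEAST_PRIVILEGE_POLICY, REQUIRED)` reports a clean least-privilege result. The `required` set has to come from somewhere honest: reading the SDK calls in the code, or the actions observed in CloudTrail for the role, not from the policy you are trying to justify.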
<p>b. Use the following payload in the URL field, and see what happens. It starts a second Node.js process inside the function\u2019s sandbox, which inherits the execution role credentials and the TABLE_NAME value from the environment and scans the whole table:<\/p>\n<p><span class=\"rte-red-text\">https:\/\/; node -e 'const AWS = require(&quot;aws-sdk&quot;); (async () =&gt; {console.log(await new AWS.DynamoDB.DocumentClient().scan({TableName: process.env.TABLE_NAME}).promise());})();'<br \/><\/span>&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image19.png\" alt=\"node\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.5\">\n<div readability=\"8\">\n<p>As you can see from the output below,&nbsp;we accessed the entire contents of the table:<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image20.png\" alt=\"dynamo\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31\">\n<div readability=\"7\">\n<p><u>OWASP Serverless Top 10 Vulnerability<\/u>: <b>Over-Privileged Function Permissions and Roles (SAS-4)<\/b><\/p>\n<p><u>Detections<\/u>: <b>Yes<\/b><br \/>&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/g\/cloud-one-application-security-protection-for-serverless-applications\/image21.png\" alt=\"remote-code-execution\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.875\">\n<div readability=\"14.816901408451\">\n<p><u>Module<\/u>: <b>Remote Code Execution<\/b><\/p>\n<p><span class=\"body-subhead-title\"><u>Conclusion<\/u><\/span><\/p>\n<p>As seen in the demo, Application Security is 
effective at detecting the attacks used against this serverless application. This allows you to build and deploy with confidence and satisfies the SecOps teams that security is integrated into your processes. It also encourages communication and collaboration between the teams so you can strengthen the DevOps culture.<\/p>\n<p>Two caveats are worth keeping in mind. First, in the detect mode used here every attack still succeeded; only block mode turns a detection into a rejected request. Second, the module that fired in every case was Remote Code Execution, because the command injection was the vehicle for each attack. The over-privileged role and the credentials sitting in plaintext environment variables are configuration weaknesses that detection reports on but does not remove; they still need fixing in the code, the IAM policy and the deployment.<\/p>\n<p>Try it for yourself with a <a href=\"http:\/\/cloudone.trendmicro.com\/SignUp.screen\" target=\"_blank\" rel=\"noopener\">free 30-day trial today<\/a>. You can also watch other <a href=\"http:\/\/www.trendmicro.com\/en_ca\/business\/products\/hybrid-cloud\/cloud-one-application-security.html?modal=s1b-btn-see-it-1-158f61\">serverless<\/a> and <a href=\"http:\/\/www.trendmicro.com\/en_ca\/business\/products\/hybrid-cloud\/cloud-one-application-security.html?modal=s1c-btn-see-it-2-bde931\">container<\/a> demos to learn more.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a id=\"devopsrc-fbe0df\" href=\"http:\/\/cloudone.trendmicro.com\/SignUp.screen\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/trial-banners\/cloud-one-trial-banner.jpg\" alt=\"cloud-one-trial\"> <\/a> <\/figure>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/devops\/21\/g\/security-for-aws-lambda-serverless-applications.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Serverless computing is another beautiful cloud-based 
advancement for developers. But, like all applications, proper security is required to maximize the benefits. Learn more in this article. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":41947,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9463,9473,9464,9474],"class_list":["post-41946","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-article","tag-how-to","tag-multi-cloud","tag-serverless-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Security for AWS Lambda Serverless Applications Threat Researcher 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security for AWS Lambda Serverless Applications Threat Researcher 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-08T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/security-for-aws-lambda-serverless-applications-threat-researcher.png\" \/>\n\t<meta property=\"og:image:width\" content=\"684\" \/>\n\t<meta property=\"og:image:height\" content=\"359\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-for-aws-lambda-serverless-applications-threat-researcher\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-for-aws-lambda-serverless-applications-threat-researcher\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Security for AWS Lambda Serverless Applications Threat Researcher\",\"datePublished\":\"2021-07-08T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-for-aws-lambda-serverless-applications-threat-researcher\\\/\"},\"wordCount\":1553,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-for-aws-lambda-serverless-applications-threat-researcher\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/security-for-aws-lambda-serverless-applications-threat-researcher.png\",\"keywords\":[\"Article\",\"How To\",\"Multi Cloud\",\"Serverless Security\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-for-aws-lambda-serverless-applications-threat-researcher\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-for-aws-lambda-serverless-applications-threat-researcher\\\/\",\"name\":\"Security for AWS Lambda Serverless Applications Threat Researcher 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-for-aws-lambda-serverless-applications-threat-researcher\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-for-aws-lambda-serverless-applications-threat-researcher\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/security-for-aws-lambda-serverless-applications-threat-researcher.png\",\"datePublished\":\"2021-07-08T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-for-aws-lambda-serverless-applications-threat-researcher\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-for-aws-lambda-serverless-applications-threat-researcher\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-for-aws-lambda-serverless-applications-threat-researcher\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/security-for-aws-lambda-serverless-applications-threat-researcher.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/07\\\/security-for-aws-lambda-serverless-applications-threat-researcher.png\",\"width\":684,\"height\":359},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-for-aws-lambda-serverless-applications-threat-researcher\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.
org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Article\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/article\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Security for AWS Lambda Serverless Applications Threat Researcher\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Security for AWS Lambda Serverless Applications Threat Researcher 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/","og_locale":"en_US","og_type":"article","og_title":"Security for AWS Lambda Serverless Applications Threat Researcher 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-07-08T00:00:00+00:00","og_image":[{"width":684,"height":359,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/security-for-aws-lambda-serverless-applications-threat-researcher.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Security for AWS Lambda Serverless Applications Threat Researcher","datePublished":"2021-07-08T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/"},"wordCount":1553,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/security-for-aws-lambda-serverless-applications-threat-researcher.png","keywords":["Article","How To","Multi Cloud","Serverless Security"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/","url":"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/","name":"Security for AWS Lambda Serverless Applications Threat Researcher 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/security-for-aws-lambda-serverless-applications-threat-researcher.png","datePublished":"2021-07-08T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/security-for-aws-lambda-serverless-applications-threat-researcher.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/07\/security-for-aws-lambda-serverless-applications-threat-researcher.png","width":684,"height":359},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/security-for-aws-lambda-serverless-applications-threat-researcher\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Article","item":"https:\/\/www.threatshub.org\/blog\/tag\/article\/"},{"@type":"ListItem","position":3,"name":"Security for AWS Lambda Serverless Applications Threat 
Researcher"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a
8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41946","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=41946"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41946\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/41947"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=41946"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=41946"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=41946"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}