The document discusses security best practices for serverless applications. It emphasizes that application dependencies represent a large attack surface and inputs/outputs should be sanitized. The least privilege principle and compartmentalization are important, as is encrypting data at rest and in transit. Unused functions should be deleted, and threats like DoS attacks and credential theft should be guarded against. People can be the weakest link, so secure credentials and implement authentication. The document provides resources for further reading on these topics.
77. NPM default - get latest “compatible” version, i.e. 1.X.X
78. clean install (e.g. on CI server) will download the latest, compromised package without any code change…
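The resolution behaviour on slides 77 and 78, as an added example that is not part of the original deck and not npm's own code: a simplified caret-range resolver showing which version a fresh install selects when no lockfile pins it. The package names, the version list and the helper functions are constructed for illustration.

```javascript
// Added example: simplified caret-range resolution (not npm's implementation).
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
};

// Exclusive upper bound of ^x.y.z: bump the left-most non-zero component.
function caretUpper([maj, min, pat]) {
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

// True when `version` satisfies `range` (exact "1.2.0" or caret "^1.2.0").
function satisfies(range, version) {
  const v = parse(version);
  if (!range.startsWith('^')) return cmp(parse(range), v) === 0;
  const low = parse(range.slice(1));
  return cmp(v, low) >= 0 && cmp(v, caretUpper(low)) < 0;
}

// What an install without a lockfile picks: the highest matching version.
function resolve(range, published) {
  const ok = published.filter((p) => satisfies(range, p));
  ok.sort((a, b) => cmp(parse(a), parse(b)));
  return ok.length ? ok[ok.length - 1] : null;
}

// Names of dependencies whose range is not an exact x.y.z pin.
function floatingDeps(pkg) {
  return Object.entries(pkg.dependencies || {})
    .filter(([, range]) => !/^\d+\.\d+\.\d+$/.test(range))
    .map(([name]) => name);
}

// Constructed data: "left-util" is a made-up package; 1.4.0 stands in for
// a release published after the maintainer's account was compromised.
const published = ['1.2.0', '1.2.1', '1.4.0', '2.0.0'];
const pkg = { dependencies: { 'left-util': '^1.2.0', 'pinned-lib': '3.1.4' } };

console.log('caret range resolves to:', resolve('^1.2.0', published));
console.log('exact pin resolves to:  ', resolve('1.2.0', published));
console.log('floating dependencies:  ', floatingDeps(pkg));
```

Committing `package-lock.json` and installing with `npm ci` makes the CI server install the recorded versions instead of re-resolving the range.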
115. AWS Lambda docs
Write your Lambda function code in a stateless style, and ensure there is no affinity between your code and the underlying compute infrastructure.
http://amzn.to/2jzLmkb
136. AWS Shield Advanced also gives you access to the AWS DDoS Response Team (DRT) and protection against DDoS related spikes in your ELB, CloudFront or Route 53 charges.