performing-serverless-function-security-review

Featured

Performing security reviews of serverless functions across AWS Lambda, Azure Functions, and GCP Cloud Functions to identify overly permissive execution roles, insecure environment variables, injection vulnerabilities, and missing runtime protections.

DevOps & Infrastructure 12,642 stars 1468 forks Updated today Apache-2.0

Quality Score: 99/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Performing Serverless Function Security Review

## When to Use

- When auditing serverless applications before production deployment
- When investigating potential data exposure through function environment variables or logs
- When assessing the blast radius of a compromised serverless function execution role
- When compliance reviews require documentation of serverless security controls
- When building secure-by-default templates for serverless deployments

**Do not use** for container or VM security assessments (use container scanning tools), for API security testing (use DAST tools on the API Gateway layer), or for real-time serverless threat detection (use AWS Lambda Extensions with security agents).

## Prerequisites

- AWS CLI, Azure CLI, and gcloud CLI configured with appropriate permissions
- Access to read function configurations, policies, and execution roles
- Prowler or Checkov for automated serverless security scanning
- SAM CLI or Serverless Framework for local function analysis
- CloudTrail, Azure Monitor, or Cloud Audit Logs enabled for function invocation monitoring

## Workflow

### Step 1: Enumerate All Serverless Functions and Configurations

List all functions across cloud providers with their runtime, memory, timeout, and network settings.

```bash
# AWS Lambda: List all functions with key security attributes
aws lambda list-functions \
  --query 'Functions[*].[FunctionName,Runtime,MemorySize,Timeout,Role,VpcConfig.VpcId,Layers[*].Arn]' \
  --output ta...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

DevOps & Infrastructure Featured

securing-serverless-functions

This skill covers security hardening for serverless compute platforms including AWS Lambda, Azure Functions, and Google Cloud Functions. It addresses least privilege IAM roles, dependency vulnerability scanning, secrets management integration, input validation, function URL authentication, and runtime monitoring to protect against injection attacks, credential theft, and supply chain compromises.

12,642 Updated today
mukul975
DevOps & Infrastructure Listed

aws-lambda-security

Security audit for AWS Lambda functions including IAM role least privilege, environment variable encryption (KMS), Function URLs vs API Gateway, VPC config, layer usage, container image scanning, X-Ray and logs PII, cold start state, async invocation handling, and Lambda-specific patterns across Node, Python, Go, Java runtimes. Use this skill whenever the user mentions AWS Lambda, lambda function, IAM role, Function URL, API Gateway + Lambda, Lambda layer, SAM, CDK Lambda, Serverless Framework, or asks "audit my Lambda", "Lambda security review", "Lambda IAM". Trigger when the codebase contains `serverless.yml`, `template.yaml` (SAM), `cdk.json`, or Lambda handler patterns.

1 Updated 6 days ago
hlsitechio
DevOps & Infrastructure Featured

detecting-serverless-function-injection

Detects and prevents code injection attacks targeting serverless functions (AWS Lambda, Azure Functions, Google Cloud Functions) through event source poisoning, malicious layer injection, runtime command execution, and IAM privilege escalation via function modification. The analyst combines static analysis of function code, CloudTrail event correlation, runtime behavior monitoring, and IAM policy auditing to identify injection vectors across the expanded serverless attack surface including API Gateway, S3, SQS, DynamoDB Streams, and CloudWatch event triggers. Activates for requests involving Lambda security assessment, serverless injection detection, function event poisoning analysis, or serverless privilege escalation investigation.

12,642 Updated today
mukul975
DevOps & Infrastructure Featured

securing-aws-lambda-execution-roles

Securing AWS Lambda execution roles by implementing least-privilege IAM policies, applying permission boundaries, restricting resource-based policies, using IAM Access Analyzer to validate permissions, and enforcing role scoping through SCPs.

12,642 Updated today
mukul975
DevOps & Infrastructure Listed

alibaba-serverless-production-readiness

Review Function Compute 3.0 (FC3), SAE (Serverless App Engine), and EDAS for production readiness — cold start optimization, VPC binding, RAM role injection, ARMS distributed tracing, security group rules, concurrency limits, and SLA-readiness.

12 Updated today
Raishin