392 matches found
Imperva An Eight-Time Magic Quadrant Leader for Web Application and API Protection
2021 has seen a lot of change. Billionaires now go where only governments and Red Bull gimmicks could go before. The 2020 Olympics didn’t take place in 2020. Tom Brady won his 7th Super Bowl for a completely new franchise (those of you in the US get this reference). Similar change in application...
Moderate: Red Hat Security Advisory: Release of OpenShift Serverless 1.17.0
Release of OpenShift Serverless 1.17.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...
Moderate: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.17.0
Release of OpenShift Serverless Client kn 1.17.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196
CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed for Serverless 1.16.0 and Serverless client kn 1.16.0...
Integrate Serverless Security for Runtime Apps
Serverless solutions are prone to a high degree of application attacks. Learn how to build runtime application self-protection with vulnerability visibility and mitigation capabilities for your serverless applications...
CVE-2021-3703
CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed for Serverless 1.16.0 and Serverless client kn 1.16.0...
Red Hat OpenShift Security Vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. A security vulnerability exists in Red Hat OpenShift Serverless, which is due to an incomplete fix for other Red Hat vulnerabilities...
Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances
Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been weaponized by a malicious actor "to access other customers' information" in what the researchers described as the "first cross-account container takeover in the public...
GHSA-H97F-5258-5593 Incorrect Authorization in serverless-offline
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code i.e., possibly greater than expected...
Incorrect Authorization in serverless-offline
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code i.e., possibly greater than expected...
Automating security assessments using Cloud Katana
Today, we are open sourcing Cloud Katana, a cloud-native serverless application built on the top of Azure Functions to assess security controls in the cloud and hybrid cloud environments. We are currently covering only use cases in Azure, but we are working on extending it to other cloud provider...
Privilege Escalation
serverless-offline is vulnerable to privilege escalation. The vulnerability exists in createAuthScheme function of createAuthScheme.js due to an insecure access control from a misinterpreted HTTP status code which allows an attacker to download a web content page via malicious URL...
CVE-2021-38384
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code i.e., possibly greater than expected...
Improper access control
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code i.e., possibly greater than expected...
CVE-2021-38384
CVE-2021-38384 affects Serverless Offline 8.0.0. The issue is that a route with a trailing / may yield a 403 in some contexts, while AWS/Lambda behavior can be 200, potentially granting higher permissions than intended due to an insecure access control interpretation. Root cause described as a mi...
Serverless Security Vulnerability
Serverless is a software application. Is this in order to be the one that contains all the official repo AWS Serverless architecture patterns built with the CDK? A security vulnerability exists in Serverless 8.0.0 that could cause developers to implement incorrect access controls...
Secure Your Images with AWS Lambda Serverless Functions
NEW on AWS Lambda: Learn how to package up your serverless functions as container images...