performing-serverless-function-security-review

Performing Serverless Function Security Review

When to Use

  • When auditing serverless applications before production deployment
  • When investigating potential data exposure through function environment variables or logs
  • When assessing the blast radius of a compromised serverless function execution role
  • When compliance reviews require documentation of serverless security controls
  • When building secure-by-default templates for serverless deployments

Do not use for container or VM security assessments (use container scanning tools), for API security testing (use DAST tools on the API Gateway layer), or for real-time serverless threat detection (use AWS Lambda Extensions with security agents).

Prerequisites

  • AWS CLI, Azure CLI, and gcloud CLI configured with appropriate permissions
  • Access to read function configurations, policies, and execution roles
  • Prowler or Checkov for automated serverless security scanning
  • SAM CLI or Serverless Framework for local function analysis
  • CloudTrail, Azure Monitor, or Cloud Audit Logs enabled for function invocation monitoring

First Seen: Mar 17, 2026