Serverless functions (Lambda, Azure Functions) are ephemeral. They spin up, run code, and die. This makes persistence difficult for hackers (no persistent file system to hide in). But it introduces new risks.
Denial of Wallet (DoS)
On a normal server, a DoS attack exhausts the CPU and the server goes down.
In Serverless, Amazon auto-scales to absorb the load instead.
The Attack: Hacker sends 1,000 requests per second to your function.
The Result: Amazon spins up 1,000 concurrent Lambdas. Your application stays online, but your credit card is charged $10,000 in one hour.
Fix: Set "Concurrency Limits" (reserved concurrency caps how many copies of the function can run at once) and "Budget Alarms" (so you are notified when spend crosses a threshold).
1. Event Injection
Lambdas are often triggered by events (S3 upload, DynamoDB stream).
If you trust the event data blindly, you can be exploited.
Example: Taking a filename (the object key) from an S3 event and passing it to a `system()` call. A key containing shell metacharacters becomes Command Injection via filename.
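The S3-event pattern above, as an added illustration that is not code from the original page: the vulnerable string-building handler next to a hardened one that allow-lists the key and passes it as a single argv element, so a shell never parses it. The event fragment and key values are constructed; the `file` command is an assumed stand-in for whatever the function does with the upload.

```python
import re
import subprocess
import urllib.parse

# Constructed S3 notification fragment in the shape Lambda receives.
SAMPLE_EVENT = {
    "Records": [
        {"s3": {"bucket": {"name": "uploads-bucket"},
                "object": {"key": "reports/q1.pdf"}}}
    ]
}

# Allow-list for object keys: alphanumerics plus . _ / - and a sane length.
SAFE_KEY = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]{0,1023}$")


def extract_key(event):
    """Pull the object key out of an S3 event. S3 URL-encodes keys in
    notifications, so decode before using the value anywhere."""
    raw = event["Records"][0]["s3"]["object"]["key"]
    return urllib.parse.unquote_plus(raw)


def vulnerable_command(key):
    """The pattern the text warns about: the key is spliced into a shell
    string. Returned rather than executed so the injection is visible."""
    return f"file /tmp/{key}"


def safe_argv(key):
    """Hardened form: reject anything outside the allow-list (including
    path traversal) and build an argv list, never a shell string."""
    if not SAFE_KEY.fullmatch(key) or ".." in key.split("/"):
        raise ValueError(f"rejected object key: {key!r}")
    return ["file", "--", f"/tmp/{key}"]


def handler(event, context=None):
    """Lambda entry point: validated key, shell=False, metacharacters inert."""
    key = extract_key(event)
    argv = safe_argv(key)
    result = subprocess.run(argv, capture_output=True, text=True, check=False)
    return {"key": key, "returncode": result.returncode}
```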
2. Over-Privileged Functions
Developers often give Lambda roles `AdministratorAccess` because debugging permission errors is hard.
If a single function is compromised (through an application-code vulnerability), the attacker inherits those Admin rights and can delete your entire cloud environment.