Skip to Content
Learning Serverless Security
book

Learning Serverless Security

by Joshua Arvin Lat
February 2026
Intermediate to advanced
534 pages
12h 21m
English
O'Reilly Media, Inc.

Overview

Serverless computing now serves as a strategic backbone of modern cloud architectures, helping teams move faster and operate at scale. However, many still struggle to understand the security model of serverless computing. As more organizations migrate critical systems and sensitive data to the cloud using serverless architectures, this gap in serverless security knowledge increasingly exposes them to serious security incidents and data breaches.

This practical guide covers offensive and defensive security techniques to audit and secure serverless applications running on AWS, Azure, and Google Cloud. You'll explore how to attack and defend vulnerable serverless applications using step-by-step instructions. By the end of this book, you'll understand how to prevent various serverless application attacks and privilege escalation techniques.

Author Joshua Arvin Lat, chief technology officer at NuWorks Interactive Labs and an AWS AI Hero, shows you how to:

  • Identify and address vulnerabilities within modern serverless applications
  • Dive deeper into serverless security risks and threats
  • Explore privilege escalation techniques in vulnerable-by-design serverless lab environments
  • Configure authentication and identity services properly on AWS, Azure, and Google Cloud
  • Implement security strategies and best practices to prevent serverless application attacks
  • Audit serverless function code using security tools and strategies
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

AirBnbBlueOriginElectronic ArtsHomeDepotNasdaqRakutenTata Consultancy Services

QuotationMarkO’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
QuotationMarkI wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
QuotationMarkI’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
QuotationMarkI'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Mark W.
Embedded Software Engineer

You might also like

Kubernetes Security and Observability

Kubernetes Security and Observability

Brendan Creane, Amit Gupta
Practical Cloud Native Security with Falco

Practical Cloud Native Security with Falco

Loris Degioanni, Leonardo Grasso
Microservices Security in Action

Microservices Security in Action

Prabath Siriwardena, Wajjakkara Kankanamge Anthony Nuwan Dias

Publisher Resources

ISBN: 9781098149000Errata Page