© Miguel A. Calles 2020
M. A. CallesServerless Securityhttps://doi.org/10.1007/978-1-4842-6100-2_2

2. Performing a Risk Assessment

Miguel A. Calles1 
La Habra, CA, USA

In this chapter, we will learn how to perform a risk assessment for a serverless application. We will explore how to understand how the application works, which includes reviewing documentation, source code, and system accounts and using the application. We will discuss why we scope the risk assessment. We will learn how to develop a threat model and how to use it to start creating the risk assessment.


We will review the conventions used throughout this book. For clarity, we will use one example application throughout. We might deviate from this example application at ...

Get Serverless Security: Understand, Assess, and Implement Secure and Reliable Applications in AWS, Microsoft Azure, and Google Cloud now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.