Serverless computing is an emerging cloud paradigm with serverless functions at its core. While serverless environments enable software developers to focus on developing applications without the need to actively manage the underlying runtime infrastructure, they open the door to a wide variety of security threats that can be challenging to mitigate with existing methods. Existing security solutions do not apply to all serverless architectures, since they require significant modifications to the serverless infrastructure or rely on third-party services for the collection of more detailed data. In this paper, we present an extendable serverless security threat detection model that leverages cloud providers' native monitoring tools to detect anomalous behavior in serverless applications. Our model aims to detect compromised serverless functions by identifying post-exploitation abnormal behavior related to different types of attacks on serverless functions, and therefore, it is a last line of defense. Our approach is not tied to any specific serverless application, is agnostic to the type of threats, and is adaptable through model adjustments. To evaluate our model's performance, we developed a serverless cybersecurity testbed in an AWS cloud environment, which includes two different serverless applications and simulates a variety of attack scenarios that cover the main security threats faced by serverless functions. Our evaluation demonstrates our model's ability to detect all implemented attacks while maintaining a negligible false alarm rate.

Full automation of IT infrastructure and the delivery of efficient IT operations as billed services have been long-standing goals of the computing industry since at least the 1960s. A newcomer--serverless computing--emerged in the late 2010s with characteristics claimed to be different from those of established IT services, including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) clouds. Even though serverless computing has gained significant attention in industry and academia over the past five years, there is still no consensus about its unique distinguishing characteristics and precise understanding of how these characteristics differ from classical cloud computing. What is serverless computing, and what are its implications? Market analysts are agreed that serverless computing has strong market potential, with projected compound annual growth rates (CAGRs) varying between 21% and 28% through 20284,25,33,35,49 and a projected market value of $36.8 billion49 by that time. Early adopters are attracted by expected cost reductions (47%), reduced operation effort (34%), and scalability (34%).17 In research, the number of peer-reviewed publications connected to serverless computing has risen steadily since 2017.46 In industry, the term is heavily used in cloud provider advertisements and even in the naming of specific products or services. Yet despite this enthusiasm, there exists no common and precise understanding of what serverless is (and of what it is not). Indeed, existing definitions of serverless computing are largely inconsistent and unspecific, which leads to confusion in the use of not only this term but also related terms such as cloud computing, cloud-native, Container-as-a-Service (CaaS), Platform-as-a-Service (PaaS), Function-as-a-Service (FaaS), and Backend-as-a-Service (BaaS).12 As an extended discussion during a 2021 Dagstuhl Seminar2 and our analysis of existing definitions of serverless computing reveal, current definitions focus on a variety of aspects, from abstractions to practical concerns, from computational to financial, from separation of concerns to how concerns should be enacted, and so on. These definitions do not provide consensus, and they are omissive in essential points or even diverge.

Welcome to the 21st edition of the AWS Serverless ICYMI (in case you missed it) quarterly recap. Every quarter, we share all the most recent product launches, feature enhancements, blog posts, webinars, live streams, and other interesting things that you might have missed! In case you missed our last ICYMI, check out what happened last quarter here. Artificial intelligence (AI) technologies, ChatGPT, and DALL-E are creating significant interest in the industry at the moment. Find out how to integrate serverless services with ChatGPT and DALL-E to generate unique bedtime stories for children.

Inside, you'll discover what Claudia.js Each chapter is filled with exercises, examples, tips, and more to make sure you're ready to bring what you've learned into your own work. The benefits of cloud-hosted serverless web apps are undeniable: lower complexity, quicker time to market, and easier scalability than traditional, server-dependent designs. Serverless Applications with Node.js teaches you to design and build serverless web apps on AWS using JavaScript, Node, and Claudia.js. You'll also discover techniques for migrating existing apps to a serverless platform.

As a developer advocate, I spend a lot of time at developer conferences (talking about serverless). Upon returning from each trip, I need to compile a "trip report" on the event for my bosses. This helps demonstrate the value in attending events and that I'm not just accruing air miles and hotel points for fun… I always include any social media content people post about my talks in the trip report. This is usually tweets with photos of me on stage. If people are tweeting about your session, I assume they enjoyed it and wanted to share with their followers.

Based on Apache OpenWhisk, IBM Cloud Functions is a Functions as a Service (FaaS) platform that makes it easy to build and deploy serverless applications. In this tutorial, you'll build a serverless application using IBM Cloud Functions that monitors the content of a Cloud Object Storage bucket and analyzes the content of images that are uploaded to the bucket by a human or an automated process. For illustrative purposes, analysis is performed by a deep learning microservice from the Model Asset eXchange and analysis results are stored as JSON files in the same bucket. You can easily adapt the outlined approach to take advantage of hosted cognitive services, such as those provided by IBM Watson, and to store results in a NoSQL datastore like Cloudant or a relational database. By completing this introductory tutorial, you learn how to monitor a Cloud Object Storage bucket for changes (new objects, updated objects, or deleted objects) using Cloud Functions and how to use deep learning microservices from the Model Asset eXchange to automatically analyze those objects in near real time.

Based on Apache OpenWhisk, IBM Cloud Functions is a Functions as a Service (FaaS) platform that makes it easy to build and deploy serverless applications. In this tutorial, you'll build a serverless application using IBM Cloud Functions that monitors the content of a Cloud Object Storage bucket and analyzes the content of images that are uploaded to the bucket by a human or an automated process. For illustrative purposes, analysis is performed by a deep learning microservice from the Model Asset eXchange and analysis results are stored as JSON files in the same bucket. You can easily adapt the outlined approach to take advantage of hosted cognitive services, such as those provided by IBM Watson, and to store results in a NoSQL datastore like Cloudant or a relational database. By completing this introductory tutorial, you learn how to monitor a Cloud Object Storage bucket for changes (new objects, updated objects, or deleted objects) using Cloud Functions and how to use deep learning microservices from the Model Asset eXchange to automatically analyze those objects in near real time.

Apache OpenWhisk on IBM Bluemix provides a powerful and flexible environment for deploying cloud-native applications driven by data, message, and API call events. In his session at 20th Cloud Expo, Daniel Krook, Software Architect, IBM Watson and Cloud Platform, and Distinguished IT Specialist, will discuss why serverless architectures are attractive for many emerging cloud workloads and when you should consider OpenWhisk for your next project. Then get started on Bluemix with three sample applications covering how the OpenWhisk programming model enables you both to implement REST APIs and process non-HTTP events at scale. Speaker Bio Daniel Krook is a New York-based Software Engineer, Distinguished IT Specialist, Master Inventor, and Member of the IBM Academy of Technology. He works with customers and the community to create first-of-a-kind cloud solutions based on the OpenStack, Cloud Foundry, Docker, and OpenWhisk open source projects.