Let's understand how serverless security is different from normal application security. The security story on serverless is mostly a good one. Because the underlying infrastructure is completely managed by the cloud provider, there are no out-of-date versions of software running on poorly maintained servers with unnecessary ports exposed. Azure is accredited with many different security standards and is generally considered to be very secure. The platform itself is actively protected against malware and DoS attacks.
However, that's not to say that Serverless is automatically secure. It shares some vulnerabilities with conventional systems that are worth noting:
You still need to take care of authentication, authorization, and access control. If you set up a serverless database with a password in the top 10 most common passwords, it can be hacked just as easily as if it were a non-serverless database.
Services such as FaaS, or any serverless service that interacts with...