📄 Page
1
Joshua Arvin Lat Learning Serverless Security Hacking and Securing Serverless Cloud Applications on AWS, Azure, and Google Cloud
📄 Page
2
9 7 8 1 0 9 8 1 4 9 0 1 7 5 6 9 9 9 ISBN: 978-1-098-14901-7 US $69.99 CAN $87.99 SECURIT Y Serverless computing now serves as a strategic backbone of modern cloud architectures, helping teams move faster and operate at scale. However, many still struggle to understand the security model of serverless computing. As more organizations migrate critical systems and sensitive data to the cloud using serverless architectures, this gap in serverless security knowledge increasingly exposes them to serious security incidents and data breaches. This practical guide covers offensive and defensive security techniques to audit and secure serverless applications running on AWS, Azure, and Google Cloud. You’ll explore how to attack and defend vulnerable serverless applications using step-by-step instructions. By the end of this book, you’ll understand how to prevent various serverless application attacks and privilege escalation techniques. • Identify and address vulnerabilities within modern serverless applications • Dive deeper into serverless security risks and threats • Explore privilege escalation techniques in vulnerable-by-design serverless lab environments • Configure authentication and identity services properly on AWS, Azure, and Google Cloud • Implement security strategies and best practices to prevent serverless application attacks • Audit serverless function code using security tools and strategies Joshua Arvin Lat is the CTO of NuWorks Interactive Labs, an AWS AI Hero, and author of several books on machine learning and cloud security. A global cybersecurity competition winner with senior leadership experience across multiple organizations, he’s internationally recognized for driving impact across AI, engineering, and security. Learning Serverless Security “An exceptional gateway for aspiring serverless security practitioners. From high-level introductions to hands-on labs and deep dives, this book accelerates learning for non-IT beginners and advanced practitioners alike.” Jasper Riane D. Mendoza, senior solutions architect, Worldwide Public Sector, Amazon Web Services “This book is a must-have for DevSecOps professionals, application security engineers, and AppSec pentesters. Joshua addresses the current threats and vulnerabilities in serverless applications before delving deeper into exploiting them with practical attacks, such as privilege escalation and creating backdoors.” Jay Turla, principal security researcher (automotive)
📄 Page
3
Praise for Learning Serverless Security An exceptional gateway for aspiring serverless security practitioners. From high-level introductions to hands-on labs and deep dives, this book accelerates learning for non- IT beginners and advanced practitioners alike—making the following accessible to all: complex cybersecurity concepts, mitigations, and quite frankly, even hacking techniques! —Jasper Riane D. Mendoza, senior solutions architect, Worldwide Public Sector, Amazon Web Services This book is a must-have for DevSecOps professionals, application security engineers, and AppSec pentesters. Joshua addresses the current threats and vulnerabilities in serverless applications before delving deeper into exploiting them with practical attacks, such as privilege escalation and creating backdoors. He really knows how attackers think and how to secure your assets. —Jay Turla, principal security researcher (automotive) This book provides a deep, practical walkthrough of serverless security, from identity access misconfigurations and exposed functions to patterns and event-driven attacks. It’s an invaluable resource for engineers securing real-world workloads across major cloud platforms. —Rafi Quisumbing, award-winning AWS Hero, Fractional CTO, and cloud advisor As someone who has worked in academia, government, and industry, I consider this book a rare link between theory and practice and value the clarity it provides in demystifying serverless risks. Complex threats become understandable through practical insights. —Mars Cacacho, cybersecurity senior manager, founder, Hackthenorth.ph
📄 Page
4
A great primer on serverless security. This book teaches you that protecting serverless apps is more than protecting your functions, cloud storage resources, and access keys. It shows you different ways attackers can compromise your cloud applications running on AWS, Google Cloud, and Azure. —Raphael Jambalos, head of application modernization and security, eCloudValley Philippines This book doesn’t just explain serverless security—it demonstrates it hands-on. By walking the reader through realistic attack paths and concrete mitigations, Learning Serverless Security equips engineers to think like both builders and attackers. —Adelen Festin, software engineer As AI coding tools accelerate serverless development, security becomes the critical differentiator. This book equips vibe coders, developers, security engineers, and architects with essential multi-cloud expertise to defend applications in the age of AI-assisted development. —Jason Torres, founder, BetterGov.ph Joshua provides essential hands-on training in serverless security across all major cloud platforms. The vulnerable-by-design labs brilliantly demonstrate both attack and defense techniques. This practical approach transforms security theory into actionable skills, a must-read for cloud architects and security professionals. —Diwa “Wawi” del Mundo, founder of Apper Digital, Inc. (AWS Advanced Tier Services Partner, Google Cloud Partner) A well-structured and timely guide to serverless security. The risk assessments and controls are practical, relevant, and easy to apply. This is a book that both experienced cybersecurity professionals and newcomers will benefit from. —Felix Marasigan, security operations center - head, G-Xchange Inc. (GCash) Finally, an excellent hands-on guide that tackles various security challenges of serverless applications across AWS, Azure, and Google Cloud! With tons of real-world examples, including steps to secure your AI-powered serverless apps, it is especially relevant in today’s AI-driven industry. —Jon Bonso, CEO, Tutorials Dojo
📄 Page
5
Having worked with serverless technologies on AWS for five years, I was impressed that this book summarizes everything you need to know about serverless: architectural patterns, access controls, best practices, and even hacking. —Seaver Choy, engineering director, First Mate Technologies This book is a refreshing take on serverless security. It goes beyond the usual “secure your functions” narrative and instead examines the full picture of how identity, storage, networking, CI/CD, and application code come together in real serverless systems. It connects the dots across services and software layers, showing that security isn’t something you bolt into serverless functions, but something you design across the entire architecture. It’s practical, insightful, and grounded in how serverless actually works in production, not just how it’s marketed. —Michael Angelo C. Rayco, global cloud solutions architect, International Rice Research Institute
📄 Page
6
(This page has no text content)
📄 Page
7
Joshua Arvin Lat Learning Serverless Security Hacking and Securing Serverless Cloud Applications on AWS, Azure, and Google Cloud
📄 Page
8
978-1-098-14901-7 [LSI] Learning Serverless Security by Joshua Arvin Lat Copyright © 2026 Joshua Arvin Lat. All rights reserved. Published by O’Reilly Media, Inc., 141 Stony Circle, Suite 195, Santa Rosa, CA 95401. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (https://oreilly.com). For more information, contact our corporate/institu‐ tional sales department: 800-998-9938 or corporate@oreilly.com. Acquisitions Editor: Simina Calin Development Editor: Rita Fernando Production Editor: Gregory Hyman Copyeditor: Sharon Wilkey Proofreader: Andrea Schein Indexer: WordCo Indexing Services, Inc. Cover Designer: Karen Montgomery Cover Illustrator: Monica Kamsvaag Interior Designer: David Futato Interior Illustrator: Kate Dullea Technical Reviewers: Adelen Festin, Raphael Jambalos, Anil Moka, Sathiesh Veera, and Wietse Venema February 2026: First Edition Revision History for the First Edition 2026-02-17: First Release See https://oreilly.com/catalog/errata.csp?isbn=9781098149017 for release details. The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Learning Serverless Security, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc. The views expressed in this work are those of the author, and do not represent the publisher’s views. While the publisher and the author have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the author disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.
📄 Page
9
Table of Contents Preface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii 1. Introduction to Serverless Computing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Demystifying Serverless Computing 3 Embracing Serverless 3 Exploring Definitions and Serverless Use Cases 8 Debunking Common Myths and Misconceptions 11 Myth 1: Serverless Means That No Servers Are Involved 12 Myth 2: Serverless Is Equivalent to FaaS 13 Myth 3: Serverless Is Offered Only by Cloud Providers 16 Myth 4: Serverless Is Suitable for Only Simple, Small-Scale Applications 17 Myth 5: Serverless Computing and Containerization Don’t Work Well Together 20 Myth 6: Serverless Applications Support Only a Limited Number of Languages 21 Myth 7: Serverless Eliminates All Management and Operational Tasks 21 Myth 8: Serverless Platforms and Services Are Interchangeable, with No Differences 23 Myth 9: Serverless Applications Are Immune to Security Attacks 24 Summary 26 2. Understanding Serverless Architectures and Implementation Patterns. . . . . . . . . . . . . 27 Cloud Services and Capabilities That Enable the Serverless Operational Model 28 Serverless Services, Features, and Capabilities on AWS 32 Serverless Services, Features, and Capabilities on Azure 34 Serverless Services, Features, and Capabilities on Google Cloud 36 vii
📄 Page
10
Common Building Blocks, Patterns, and Solutions for Serverless Architectures 38 Serverless Web Applications and APIs 39 Queue-Based Load Leveling Pattern 42 Gatekeeper Pattern 44 Fan-Out Pattern 46 Valet Key Pattern 48 Event-Driven Serverless Containers 48 Event-Driven File Processing 50 Functionless Integration Pattern 52 Federated Identity Pattern 53 Centralized Logging and Monitoring 54 Summary 56 3. Diving Deeper into Serverless Security Threats and Risks. . . . . . . . . . . . . . . . . . . . . . . . . 57 Publicly Accessible Functions 58 Misconfigured Cloud Storage Resources 60 Leaked Credentials 62 Insecure Storage of Credentials and Secret Keys 63 Injection Attacks 64 Over-Privileged Permissions and Roles 69 Business Logic Vulnerabilities 70 Insecure Network Configuration 71 Insufficient Tracing, Logging, Monitoring, and Alerting 72 Serverless Security Mechanism Limitations 72 Compromised CI/CD Pipelines 73 Broken Authentication 75 Vulnerable Application Dependencies 80 Denial of Service and Denial of Wallet 82 Cross-Site Scripting 82 API Gateway Security Misconfigurations 84 Supply Chain Attacks 86 Summary 89 4. Exploiting and Securing Exposed AWS IAM Credentials. . . . . . . . . . . . . . . . . . . . . . . . . . . 91 Reviewing Technical Prerequisites 92 Understanding How AWS IAM Works 93 Setting Up the Vulnerable-by-Design Serverless Lab Environment 96 Creating an IAM User with the AdministratorAccess Policy Attached 98 Creating Trails in CloudTrail to Capture API Calls Made in the Account 102 viii | Table of Contents
📄 Page
11
Configuring Bedrock Model Invocation Logging 105 Completing the Vulnerable Serverless AI-Powered Application 108 Gaining Access via Exposed Credentials from Client-Side Code 114 Disabling CloudTrail Logging to Evade Detection 121 Creating a Backdoor IAM User with Administrator Privileges 124 Simulating Unauthorized Bedrock Model Invocation from the Attacker Account 127 Auditing the CloudTrail Logs and the Bedrock Model Invocation Logs 130 Summary 139 5. Exploiting and Securing Misconfigured AWS IAM Roles. . . . . . . . . . . . . . . . . . . . . . . . . . 141 Reviewing Technical Prerequisites 141 Abusing AssumeRole for Privilege Escalation 142 Setting Up an Overly Permissive IAM Role 143 Setting Up IAM Groups and Users 145 Deploying a Lambda Function with an Overly Permissive IAM Role 148 Leveraging AssumeRole to Escalate Privileges 152 Establishing Persistence with New IAM User Credentials 157 Escalating Privileges and Establishing Persistence Through an AWS Lambda Function with a Misconfigured IAM Role 159 Mitigating the AssumeRole Privilege Escalation Vulnerability 160 Reconfiguring the AWS CLI and Verifying That AssumeRole Can No Longer Be Used to Escalate Privileges 161 Abusing a Function’s Overly Permissive Execution Role to Escalate Privileges 163 Establishing Persistence with New IAM User Credentials 171 Establishing Persistence via a Backdoored Lambda Version 174 Summary 183 6. Hacking Publicly Accessible AWS Lambda Functions. . . . . . . . . . . . . . . . . . . . . . . . . . . . 185 Reviewing Technical Prerequisites 186 Preparing and Deploying a Vulnerable Serverless Web Application 186 Setting Up a Vulnerable AWS Lambda Function 187 Configuring an S3 Bucket for Static Website Hosting 193 Testing for Common S3 Bucket Misconfigurations 199 Using Code Injection Attacks to Execute Arbitrary Code in Lambda Functions 203 Exfiltrating Sensitive Data via Code Injection and Outbound Network Access 207 Updating the Lambda Function with Limited Code Injection Safeguards 207 Table of Contents | ix
📄 Page
12
Setting Up the Server That Receives Exfiltrated Data 210 Attacking the Vulnerable Serverless Web Application 217 Stealing Secrets Manager Secrets Through a Vulnerable Lambda Function 221 Storing Secrets in AWS Secrets Manager 222 Updating the Lambda Function Role Permissions for Accessing Secrets Manager 223 Updating the Lambda Function Code to Retrieve Secrets from Secrets Manager 224 Stealing Secrets Manager Secrets Through a Code Injection Attack 227 Summary 230 7. Running and Securing Serverless Functions in a VPC. . . . . . . . . . . . . . . . . . . . . . . . . . . . 231 Reviewing Technical Prerequisites 232 Updating the Lambda Function Execution Role with the Required VPC Permissions 232 Setting Up and Configuring a VPC with Restricted Outbound Access 235 Attaching the Lambda Function to the VPC with Restricted Outbound Access 242 Setting Up an API Gateway REST API That Routes Requests to the Lambda Function 243 Updating the S3-Hosted Website to Use the API Gateway Endpoint URL 251 Verifying That Code Injection Attacks Attempting Outbound Access No Longer Work 253 Writing Secure Lambda Function Code to Defend Against Code Injection Attacks 256 Summary 262 8. Hacking and Securing Google Cloud Storage Buckets. . . . . . . . . . . . . . . . . . . . . . . . . . . 265 Reviewing Technical Prerequisites 266 Exploring Cloud Storage Bucket Security Misconfigurations 266 Setting Up a Vulnerable-by-Design Cloud Storage Bucket 267 Exploiting the Misconfigured Cloud Storage Bucket 273 Securing the Misconfigured Bucket 275 Simulating a Dangling Bucket Takeover 278 Setting Up the Dangling Bucket 279 Executing the Bucket Takeover 282 Enforcing Secure Bucket Configuration with Infrastructure as Code 285 Provisioning a Cloud Storage Bucket with IaC 285 Detecting and Remediating Configuration Drift 291 Auditing IaC Configurations with Checkov 294 Summary 299 x | Table of Contents
📄 Page
13
9. Abusing Google Cloud Storage Event Triggers with Malicious File Uploads. . . . . . . . . 301 Reviewing Technical Prerequisites 301 Preparing the Vulnerable-by-Design Google Cloud Lab Environment 302 Setting Up the Google Cloud Project 303 Creating a Parameter Manager Parameter 307 Setting Up the Cloud Storage Buckets 312 Deploying a Vulnerable Cloud Run Service 317 Completing the Vulnerable Event-Driven File Upload Service 323 Validating End-to-End Event-Driven Processing 327 Exploiting a Cloud Run Service Through a Malicious File Upload 330 Setting Up a Reverse Shell Listener 331 Triggering a Reverse Shell with a Malicious File Upload 334 Exploring and Inspecting the Project Resources 338 Summary 347 10. Setting Up Backdoors and Escalating Privileges in Google Cloud. . . . . . . . . . . . . . . . . . 349 Reviewing Technical Prerequisites 350 Setting a Lower Cloud Run Service Timeout 350 Generating a Service Account Key Associated with the Compromised Cloud Run Service 353 Configuring a Backdoor Service Account 357 Further Reducing the Cloud Run Timeout and Restricting the Service Account Permissions 359 Exploiting a Cloud Run Service Without a Reverse Shell 364 Setting Up a Local Server and a Tunnel That Receives Exfiltrated Data 364 Exfiltrating Environment Variables from a Cloud Run Service 366 Exfiltrating the Source Code from a Cloud Run Service 368 Exfiltrating Service Account Credentials from a Cloud Run Service 370 Escalating Privileges Through a Cloud Run Function 379 Escalating Privileges Through a Compute Engine VM Instance 388 Summary 395 11. Hacking and Securing Azure Functions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397 Reviewing Technical Prerequisites 398 Setting Up and Deploying a Vulnerable-by-Design Serverless Function 399 Exploiting the Vulnerable Serverless Function 414 Storing Secrets in Azure Key Vault 423 Abusing an Overly Permissive Managed Identity to Exfiltrate Key Vault Secrets 432 Summary 440 Table of Contents | xi
📄 Page
14
12. Escalating Privileges in Microsoft Azure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443 Reviewing Technical Prerequisites 444 Updating the Function App Permissions 444 Escalating Privileges Through an Overly Permissive Managed Identity 452 Applying Least Privilege to the Function App Managed Identity 467 Summary 474 13. Analyzing, Auditing, and Securing Serverless Application Code. . . . . . . . . . . . . . . . . . . 475 Reviewing Technical Prerequisites 476 Using Semgrep to Detect Security Issues in Serverless Application Code 476 Securing Serverless Application Code from Code Injection 482 Developing a Custom Script That Detects Malicious Dependencies 488 Using OSV-Scanner to Detect Vulnerable Packages 497 Summary 504 Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505 xii | Table of Contents
📄 Page
15
Preface In the last few years, more organizations around the world have started to embrace the serverless computing paradigm when building scalable and reliable applications in the cloud. Tooling and support for managing serverless applications across a vari‐ ety of cloud platforms have significantly improved as well. To support the increased adoption of serverless computing services and architectures, cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud continue to push the limits of serverless computing through the addition of services and capabilities in their product offerings. That said, this increased adoption of serverless and cloud computing has also increased the risk of data breaches as more companies store their data in the cloud without having a solid understanding of serverless and cloud security. Despite these trends, a big gap exists in serverless security knowledge and expertise. Security professionals are still catching up on the evolving set of techniques for hacking and securing serverless applications in the cloud. This book aims to bridge this gap by diving deeper into the offensive and defensive security strategies when dealing with modern serverless architectures. Who Should Read This Book This book is for security engineers, cloud engineers, developers, security architects, and penetration testers responsible for managing, auditing, and securing their cloud infrastructure. This book is targeted toward professionals with experience using cloud services who are planning to dive deeper into cloud and serverless security. You are expected to have a good understanding of the concepts of cloud computing and security. Basic knowledge of serverless computing and the fundamental services of AWS, Google Cloud, and Azure will help. Knowledge or experience using security tools is optional. xiii
📄 Page
16
Why I Wrote This Book Despite the increased adoption of serverless computing, relatively few books and resources focus on the security of serverless applications and systems. With the opportunity to influence the future of technology, I decided to write this book to help the next generation of technology professionals build more-secure applications in the cloud. I hope that this book will be a useful resource for those interested in learning more about serverless security strategies and best practices. Navigating This Book Here’s an outline of what this book covers: Chapter 1, “Introduction to Serverless Computing”, and Chapter 2, “Understanding Serverless Architectures and Implementation Patterns” I will demystify what serverless computing is, cover common myths and mis‐ conceptions, and give you an overview of how serverless applications are imple‐ mented on AWS, Azure, and Google Cloud. To help you see how the core principles of serverless computing are applied in practice, you’ll explore some of the most common building blocks, patterns, and solutions used in serverless architectures and examine the relevant security considerations along the way. Chapter 3, “Diving Deeper into Serverless Security Threats and Risks” You will build upon what you learned in the first two chapters and explore the security considerations relevant to serverless applications. To broaden your understanding of serverless security, you will dive deep into a variety of security threats and risks relevant to serverless computing. Chapter 4, “Exploiting and Securing Exposed AWS IAM Credentials”, Chapter 5, “Exploiting and Securing Misconfigured AWS IAM Roles”, Chapter 6, “Hacking Publicly Accessible AWS Lambda Functions”, and Chapter 7, “Running and Securing Serverless Functions in a VPC” You will focus on AWS serverless security and experience firsthand how attackers exploit misconfigurations and vulnerabilities in serverless applications. You will also learn the best practices for securing the various components and building blocks in serverless applications running on AWS. Chapter 8, “Hacking and Securing Google Cloud Storage Buckets”, Chapter 9, “Abusing Google Cloud Storage Event Triggers with Malicious File Uploads”, and Chapter 10, “Setting Up Backdoors and Escalating Privileges in Google Cloud” You will focus on securing serverless environments in Google Cloud. You will examine common cloud storage bucket misconfigurations, how event triggers can be exploited through malicious file uploads, as well as how attackers can set up backdoors and escalate privileges. In addition, you will learn how to recognize xiv | Preface
📄 Page
17
vulnerabilities and misconfigurations in your serverless applications running on Google Cloud, so you can stay one step ahead of attackers. Chapter 11, “Hacking and Securing Azure Functions”, Chapter 12, “Escalating Privileges in Microsoft Azure”, and Chapter 13, “Analyzing, Auditing, and Securing Serverless Application Code” You will focus on Azure serverless security and dive deep into how attack‐ ers exploit misconfigurations and vulnerabilities in serverless functions. You’ll explore privilege escalation techniques specific to Azure, and use various tools and approaches to analyze your serverless application code and its dependencies. Together, these chapters will complete your journey through serverless security by covering areas not fully addressed in previous chapters, helping you secure your serverless applications and systems against a broader range of attacks. Conventions Used in This Book The following typographical conventions are used in this book: Italic Indicates new terms, URLs, and email addresses. Constant width Used for filenames, file extensions, and program listings, as well as within paragraphs to refer to program elements such as variable or function names, databases, data types, environment variables, statements, and keywords. Also used to indicate text that should be typed literally by the user, such as in a UI field. Constant width bold Used to call attention to code snippets of particular interest, within the context of the discussion. Constant width italic Shows text that should be replaced with user-supplied values or by values deter‐ mined by context. This element signifies a tip or suggestion. Preface | xv
📄 Page
18
This element signifies a general note. This element indicates a warning or caution. Using Code Examples Supplemental material (code examples, exercises, etc.) is available for download at https://oreil.ly/learning-serverless-security-code. If you have a technical question or a problem using the code examples, please send an email to bookquestions@oreilly.com. This book is here to help you get your job done. In general, if example code is offered with this book, you may use it in your programs and documentation. You do not need to contact us for permission unless you’re reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing examples from O’Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product’s documentation does require permission. We appreciate, but generally do not require, attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: “Learning Server‐ less Security by Joshua Arvin Lat (O’Reilly). Copyright 2026 Joshua Arvin Lat, 978-1-098-14901-7.” If you feel your use of code examples falls outside fair use or the permission given above, feel free to contact us at permissions@oreilly.com. O’Reilly Online Learning For more than 40 years, O’Reilly Media has provided technol‐ ogy and business training, knowledge, and insight to help companies succeed. xvi | Preface
📄 Page
19
Our unique network of experts and innovators share their knowledge and expertise through books, articles, and our online learning platform. O’Reilly’s online learning platform gives you on-demand access to live training courses, in-depth learning paths, interactive coding environments, and a vast collection of text and video from O’Reilly and 200+ other publishers. For more information, visit https://oreilly.com. How to Contact Us Please address comments and questions concerning this book to the publisher: O’Reilly Media, Inc. 141 Stony Circle, Suite 195 Santa Rosa, CA 95401 800-889-8969 (in the United States or Canada) 707-827-7019 (international or local) 707-829-0104 (fax) support@oreilly.com https://oreilly.com/about/contact.html We have a web page for this book, where we list errata and any additional informa‐ tion. You can access this page at https://oreil.ly/learning-serverless-security. For news and information about our books and courses, visit https://oreilly.com. Find us on LinkedIn: https://linkedin.com/company/oreilly. Watch us on YouTube: https://youtube.com/oreillymedia. Acknowledgments Writing this book has been a truly rewarding experience, thanks to the unwavering support and invaluable feedback shared by many dedicated contributors. I would like to express my deepest gratitude to the reviewers who generously shared their time, expertise, and valuable input throughout the development of this book. Thank you to Adelen Festin, Raphael Jambalos, Sathiesh Veera, Anil Moka, and Wie‐ tse Venema. Your insightful comments and actionable feedback have been invaluable. Special thanks to the O’Reilly team, including Simina Calin, Rita Fernando, Sara Hunter, Beth Kelly, Gregory Hyman, and Sharon Wilkey for your guidance, support, and attention to detail throughout the publishing process. Many others also played important roles in bringing this book to life, and I am truly grateful for their contri‐ butions. Thank you for being part of this journey and helping shape this book into what it is today. Preface | xvii
📄 Page
20
(This page has no text content)