Update functions-app-security.md
OWASP has published a designated document for serverless application security, which should be referenced instead of the traditional OWASP TOP 10 doc. I've replaced it.

I'm afraid what's currently written is in contrast with OWASP's view. You can check their doc for further details, but here I'm quoting their conclusion:

"All that means that hackers would have to come up with a different approach for attacks, which means
different attack vectors. The application developers will not be able to put a single traditional perimeter
protection and would need to change their way of thinking, as almost none of the mitigations suggested for
traditional systems would fit in the serverless world."
azarboon authored Jun 13, 2024
1 parent f8da936 commit da4cc73
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions docs/serverless-quest/functions-app-security.md
Expand Up @@ -24,9 +24,9 @@ This article describes Azure services and activities security personnel can impl

The primary goals of a secure serverless Azure Functions application environment are to protect running applications, quickly identify and address security issues, and prevent future similar issues.

The [OWASP Serverless Top 10](https://owasp.org/www-project-serverless-top-10/) describes the most common serverless application security vulnerabilities, and provides basic techniques to identify and protect against them.
The [ OWASP Top 10: Serverless Interpretation](https://owasp.org/www-project-serverless-top-10/) describes the most common serverless application security vulnerabilities, and provides basic techniques to identify and protect against them. According to it, serverless applications are vulnerable to variations of traditional attacks, insecure code and serverless-designated attacks like Denial of Wallet. The risk and attack surface have changed for better or worse and attack prevention requires a shift in mindset.

In many ways, planning for secure development, deployment, and operation of serverless functions is much the same as for any web-based or cloud hosted application. Azure App Service provides the hosting infrastructure for your function apps. [Securing Azure Functions](/azure/azure-functions/security-concepts) article provides security strategies for running your function code, and how App Service can help you secure your functions.
Azure App Service provides the hosting infrastructure for your function apps. [Securing Azure Functions](/azure/azure-functions/security-concepts) article provides security strategies for running your function code, and how App Service can help you secure your functions.

For more information about Azure security, best practices, and shared responsibilities, see:
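
Review bot: The added OWASP sentence names "Denial of Wallet" without defining it or linking to guidance, and "The risk and attack surface have changed for better or worse" tells the reader nothing actionable; say which risks grow or shrink, or drop that sentence, and gloss Denial of Wallet where it is first used. In the same line, the link text has a stray leading space ("[ OWASP Top 10: Serverless Interpretation]"), "serverless-designated" would read better as "serverless-specific", and "According to it" is awkward next to a link. In the second changed line, deleting "In many ways, planning for secure development..." leaves the paragraph opening abruptly on "Azure App Service provides..."; since the commit message says the old sentence contradicts OWASP, consider replacing it with a one-line transition rather than removing it outright, and fix "[Securing Azure Functions] article provides" to "The [Securing Azure Functions] article provides" while touching the line.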
