Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Marin, Eduard, Kim, Jinwoo, Pavoni, Alessio, Conti, Mauro, Di Pietro, Roberto
Format: Preprint
Veröffentlicht: 2025
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2510.17311
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866908602903560192
author Marin, Eduard
Kim, Jinwoo
Pavoni, Alessio
Conti, Mauro
Di Pietro, Roberto
author_facet Marin, Eduard
Kim, Jinwoo
Pavoni, Alessio
Conti, Mauro
Di Pietro, Roberto
contents Serverless computing has rapidly emerged as a prominent cloud paradigm, enabling developers to focus solely on application logic without the burden of managing servers or underlying infrastructure. Public serverless repositories have become key to accelerating the development of serverless applications. However, their growing popularity makes them attractive targets for adversaries. Despite this, the security posture of these repositories remains largely unexplored, exposing developers and organizations to potential risks. In this paper, we present the first comprehensive analysis of the security landscape of serverless components hosted in public repositories. We analyse 2,758 serverless components from five widely used public repositories popular among developers and enterprises, and 125,936 Infrastructure as Code (IaC) templates across three widely used IaC frameworks. Our analysis reveals systemic vulnerabilities including outdated software packages, misuse of sensitive parameters, exploitable deployment configurations, susceptibility to typo-squatting attacks and opportunities to embed malicious behaviour within compressed serverless components. Finally, we provide practical recommendations to mitigate these threats.
format Preprint
id arxiv_https___arxiv_org_abs_2510_17311
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle The Hidden Dangers of Public Serverless Repositories: An Empirical Security Assessment
Marin, Eduard
Kim, Jinwoo
Pavoni, Alessio
Conti, Mauro
Di Pietro, Roberto
Cryptography and Security
Serverless computing has rapidly emerged as a prominent cloud paradigm, enabling developers to focus solely on application logic without the burden of managing servers or underlying infrastructure. Public serverless repositories have become key to accelerating the development of serverless applications. However, their growing popularity makes them attractive targets for adversaries. Despite this, the security posture of these repositories remains largely unexplored, exposing developers and organizations to potential risks. In this paper, we present the first comprehensive analysis of the security landscape of serverless components hosted in public repositories. We analyse 2,758 serverless components from five widely used public repositories popular among developers and enterprises, and 125,936 Infrastructure as Code (IaC) templates across three widely used IaC frameworks. Our analysis reveals systemic vulnerabilities including outdated software packages, misuse of sensitive parameters, exploitable deployment configurations, susceptibility to typo-squatting attacks and opportunities to embed malicious behaviour within compressed serverless components. Finally, we provide practical recommendations to mitigate these threats.
title The Hidden Dangers of Public Serverless Repositories: An Empirical Security Assessment
topic Cryptography and Security
url https://arxiv.org/abs/2510.17311