Working Group


Join Group


The Serverless WG seeks to develop best practices to help organizations that want to run their business with a serverless business model. Serverless architecture aims at changing the economic model of cloud computing, with the hope of introducing efficiency and cost savings. Serverless computing means that there are no servers to manage services. Hence in a serverless world, one no longer has to work on an operating system level. The challenge here however is that this system is dependent upon a single functions-as-a-service (FaaS) framework, meaning that it is operating within a single context and the constraints of a single cloud provider. With the complexity of this business model, it is imperative that industry best practices are established to provide companies with guidelines to achieve compliance and security, that developers can effortlessly work with and employers are able to evaluate developers' work, and perceive the serverless architectural model at the same time.


The 12 Most Critical Risks for Serverless Applications

Release Date: 02/11/2019

The 12 Most Critical Risks for Serverless Applications 2019 document is meant to serve as a security awareness and education guide. This report was curated a...

The 12 Most Critical Risks for Serverless Applications

Open Peer Reviews

Artifact reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.


Aradhna Chetal Headshot

Aradhna Chetal is Global Head for Cloud Security Architecture at HSBC (Hong Kong Shanghai Banking Corporation). She has worked for a number of enterprises like JP Morgan Chase, Merck, Boeing Compan...

Aradhna Chetal
Vishwas Manral Headshot

Vishwas is the Head of Container Security and the Chief Architect, Cloud at McAfee. He joined McAfee through the acquisition of his company NanoSec in August 2019. Vishwas is an advisor to multiple...

Vishwas Manral