Hardening Public Serverless Functions on Google Cloud
🛡️ This post from Mandiant highlights how publicly exposed serverless applications — often unauthenticated by design — are frequent targets for application-level attacks like LFI/RFI and command injection. It explains exploitation paths including file retrieval and service account token exfiltration, and demonstrates attack examples against Cloud Run Python functions. The article provides actionable hardening guidance such as using dedicated service accounts with least privilege, isolating public services in separate projects, enforcing S‑SDLC practices, and deploying Cloud Armor WAF and Layer 7 load balancing for centralized protection.
