Abstract

The proliferation of serverless computing and Function-as-a-Service (FaaS) architectures has fundamentally transformed cloud-native application development, enabling unprecedented scalability and operational efficiency. However, the abstraction of underlying infrastructure has introduced a distinct attack surface characterized by critical security misconfigurations, inadequate runtime isolation, and complex privilege escalation vectors. This systematic review examines emerging security threats and modern defense mechanisms within event-driven serverless architectures, specifically focusing on AWS Lambda and Azure Functions environments. Through comprehensive analysis of recent literature (2020–2025) and industry reports, this study identifies five critical protection domains: runtime isolation vulnerabilities, Denial-of-Wallet (DoW) attacks, supply chain risks in function dependencies, over-privileged Identity and Access Management (IAM) configurations, and cross-tenant data leakage. The analysis reveals significant gaps in Backend-as-a-Service (BaaS) orchestration layer security and highlights the transition toward lightweight Trusted Execution Environments (TEEs), microVM-based isolation (Firecracker), and agentless monitoring solutions. This review evaluates the efficacy of emerging defenses including WebAssembly sandboxing, artificial intelligence-driven anomaly detection, and zero-trust architectures in mitigating sophisticated attacks while maintaining serverless performance characteristics. This review contributes a holistic security framework that addresses the intersection of event-driven workflows and serverless misconfigurations, providing actionable insights for practitioners and researchers navigating the evolving threat landscape of 2024–2025. The findings underscore the necessity for defense mechanisms that balance security rigor with the energy efficiency and cold-start latency requirements inherent to serverless paradigms.