While moving into serverless, software teams having relief of not continually applying security patches, configuring firewalls etc. since the serverless provider is responsible for securing the data center and its configurations. However, securing application logic and data is still the responsibility of the serverless practitioners. Serverless poses new security challenges by increasing the attack surface and more complex architecture that tend to create more misconfiguration problems.
It's still on developers to maintain the continuous security and continual compliance of their serverless-centric applications. It's not very straightforward to understand if the serverless functions are reaching to some places that they are not supposed to reach because of the vulnerabilities in third-party libraries or misconfiguration. At this point, Thundra provides a way of applying whitelist/blacklist security configurations for serverless functions and any other applications (only in Java for now). Using Thundra, you can make sure that your function is doing whatever it was intended to do with Thundra's whitelist configuration. You can automatically whitelist the operations that your function is currently doing, and you can also add additional resources to whitelisted resources.
After you configure your whitelist configuration, you can decide for the action for this item. You can either select to allow violations but get notified about them or you can decide to block any operations but whitelisted resources and get notified about it.
Similar to whitelisting, Thundra allows you blacklist the resources and/or endpoints that you want to restrict the access. In this way, it's guaranteed that your function will not be in any interaction between malicious site and resources.
You may think that as a developer who knows what your function is doing, you're sure that what your function does and you don't need to conduct such security configurations. However, you should think of whitelist/blacklist the resources because the third party libraries that you are using can take you to malicious endpoints.
For more information about how to whitelist/blacklist resources, you can consult to Thundra Web Console documentation here.