Resources

OWASP Serverless Top 10. When adopting serverless technology, we eliminate the need to develop a server to manage our application. By doing so, we also pass some of the security threats to the infrastructure provider. these applications are running without a managed server, they still execute code. If this code is written in an insecure manner, it can still be vulnerable to application-level attacks. This report will examine the differences in attack vectors, security weaknesses, and the business impact of application attacks on in the serverless world, and, most importantly, the report will suggest ways to to prevent them.

this seems to be a pretty comprehensive guild on how to solidify security around a PHP application. And with most things tech, the ideas presented here are applicable to many langs