Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information. Update Jan 29, 2019 Update Jan 9, 2019


This tutorial assumes the reader has basic knowledge of serverless and security concepts. It is recommended to first review the OWASP Serverless Top 10 project and the report, reviewing common weaknesses in serverless architecture.

Please also note that this tutorial covers only a small portion of the vulnerabilities that exist in the DVSA. There are dozens more vulnerabilities and scenarios that are not covered in the tutorial and you are encouraged to find and document more vulnerabilities that you find.

Good luck!

LESSON #1: Event Injection

LESSON #2: Broken Authentication

LESSON #3: Sensitive Data Exposure

LESSON #4: Insecure Cloud Configurations

LESSON #5: Broken Access Control

LESSON #6: Denial of Service (DoS)

LESSON #7: Over-Privileged Functions

LESSON #8: Logic Vulnerabilities

LESSON #9: Vulnerable Dependencies

LESSON #10: Unhandles Exceptions

You can’t perform that action at this time.