LESSONS

This tutorial assumes the reader has basic knowledge of serverless and security concepts. It is recommended to first review the OWASP Serverless Top 10 project and the report, reviewing common weaknesses in serverless architecture.

Please also note that this tutorial covers only a small portion of the vulnerabilities that exist in the DVSA and that you are encouraged to find and document more vulnerabilities that you find.

Good luck!

LESSON #1: Event Injection

LESSON #2: Broken Authentication

LESSON #3: Sensitive Data Exposure

LESSON #4: Insecure Cloud Configurations

LESSON #5: Broken Access Control

LESSON #6: Denial of Service (DoS)

LESSON #7: Over Privilged Functions

LESSON #8: Logic vulnerabilities

LESSON #9: Vulnerable Dependencies

LESSON #10: Unhandles Exceptions