DVSA: a Damn Vulnerable Serverless Application
Damn Vulnerable Serverless Application (DVSA) is a deliberately vulnerable application. It is intended to help security professionals test their skills and tools in a legal environment, to help developers better understand the processes of securing serverless applications, and to help students and teachers learn about serverless application security in a controlled classroom environment.
The aim of DVSA is to practice some of the most common serverless vulnerabilities through a simple, straightforward interface.
The AWS vulnerable application includes 10 lessons:
- LESSON #1: Event Injection
- LESSON #2: Broken Authentication
- LESSON #3: Sensitive Data Exposure
- LESSON #4: Insecure Cloud Configurations
- LESSON #5: Broken Access Control
- LESSON #6: Denial of Service (DoS)
- LESSON #7: Over-Privileged Functions
- LESSON #8: Logic Vulnerabilities
- LESSON #9: Vulnerable Dependencies
- LESSON #10: Unhandled Exceptions
Install
git clone https://github.com/OWASP/DVSA.git
cd DVSA
npm install
sls deploy
npm run-script client:build
sls client deploy
Copyright (C) 2018 OWASP by Tal Melamed
Source: https://github.com/OWASP/