VISUALIZE | UNDERSTAND | SECURE

Develop Faster, Better, More Secure Serverless-Applications

Visualize, analyze and secure the Resources and Data-Flows
of your Serverless Code with every change.

GoTo_ Preview
CodeShield Dashboard

Want to check out the features CodeShield offers?

We have prepared a guided preview for you and collected answers to frequently asked questions.

GoTo_ Preview
FAQ

> Automated AWS Resource Diagrams

Visualize your Infrastructure & Data Flow

Get an overview of which JSON objects and data your AWS resources exchange. CodesShield generates easy to understand architecture diagrams directly from your SAM, CloudFormation files and source code.
Use them to easily troubleshoot API and security issues, verify your implementation or visualize your architecture for QA and audits.

To provide detailed insights, CodeShield applies static-analysis to track the data flow between your Serverless functions and the cloud infrastructure.

Learn more
Dashboard visualizing AWS resources Dashboard visualizing data flow between resources

user:~$ OWASP SAS-10 Security Analysis

Follow the Data within your AWS Infrastructure - Across Events, Lambdas, and Tables.

Coming Soon

Know your sensitive data-flows better than your attacker. Detect event-data injections during development.

CodeShield discovers OWASP SAS-10 vulnerabilities even if they span across multiple functions. Vulnerabilities are visualized in your architecture and your code.

Learn more
Dashboard with security warnings

Open-Source Security_

Manage your Open-Source Dependencies

Coming Soon

Get informed about known vulnerabilities in used open-source software immediately.

CodeShield detects known vulnerabilities (CVEs) in the used open-source software, assesses their risk, and suggests updates.

Learn more
Dashboard showing vulnerable OSS dependencies Dashboard suggest fix for vulnerable OSS dependencies

Leverage your Technologies

AWS SAM

AWS SAM

Analyse the configuration of your AWS Serverless Application Model files.

AWS CloudFormation

AWS CloudFormation

Analyse the configuration of your AWS CloudFormation files.

Java

Java

Run code analysis on your Java source-/bytecode.

JavaScript

Node.js

Run code analysis on your node.js code.

GitHub

GitHub

Integrate with GitHub.

Recent Posts

Read more

How to Prevent Code Injection Vulnerabilities in Serverless Applications (Part 2/2)

By Manuel Benz on February 8, 2021

This article is part two of a series on how to prevent code injection attacks against Serverless applications using AWS Web application firewalls.

Continue reading
Read more

How to Prevent Code Injection Vulnerabilities in Serverless Applications (Part 1/2)

By Manuel Benz on November 25, 2020

This article is part one of a series on how to prevent code injection attacks against Serverless applications using AWS Web application firewalls.

Continue reading
Read more

ServerlessGoat Java

By Andreas Dann on November 6, 2020

We released an Java adaption of the OWASP Serverless Goat in our GitHub Repo.

Continue reading
Read more

The Myth of False Positives in Static Application Security Testing

By Johannes Späth on October 26, 2020

In this article, we explain the myth behind false positives and discuss two types of false positives.

Continue reading

Supporter

Secure your Serverless-Application now!

GoTo_ Preview