Ω

By Andreas Dann | November 6, 2020

Open-Sourcing Serverless Goat for Java


Checkout Serverless Goat for Java and train your security skils. The code ist available under https://github.com/CodeShield-Security/Serverless-Goat-Java.

The OWASP (Open Web Application Security Project) is a well-known nonprofit foundation for software security. The OWASP Top Ten is a de facto standard for web application security. It defines the top ten most critical security risks.

In 2017, the OWASP firstly published the OWASP Top 10 Serverless Interpretations and the Serverless Security Top 10 Weaknesses guide. These guides adapt the well-known OWASP Top Ten for the new challenges of serverless applications and new serverless security flaws.

Illustration ServerlessGoat

To illustrate security vulnerability in serverless applications the OWASP also released Serverless Goat. A serverless application written in JavaScript that contains several SAS Top Ten vulnerabilities. We adapted Serverless Goat for Java and made the code public.

Run ServerlessGoat for Java locally

The repository contains a detailed Readme.md.

  • Install AWS Sam in version > 1.3.2
  • Checkout the GitHub repository git clone https://github.com/CodeShield-Security/Serverless-Goat-Java.git
  • Build the application sam build
  • Execute the application locally sam local invoke

Acknowledgements

ServerlessGoat was initially created and contributed to OWASP by Yuri Shapira & Ory Segal, PureSec. ServerlessGoat for Java was adapted by Manuel Benz and Johannes Spaeth, ​CodeShield