security

Is your AWS Account vulnerable to the newest attack presented at Black Hat 2021?

By Manuel Benz & Johannes Späth

In this article, we demonstrate a new confused deputy attack against AWS Serverless Application Repository Apps and show how to find and fix the underlying vulnerability.

How to Exploit Code Injection Vulnerabilities in Serverless Goat

By Andreas Dann

This article is part one of a series on how to prevent code injection attacks against Serverless applications using AWS Web application firewalls.

How to Prevent Code Injection Vulnerabilities in Serverless Applications (Part 2/2)

By Manuel Benz

This article is part two of a series on how to prevent code injection attacks against Serverless applications using AWS Web application firewalls.

How to Prevent Code Injection Vulnerabilities in Serverless Applications (Part 1/2)

By Manuel Benz

This article is part one of a series on how to prevent code injection attacks against Serverless applications using AWS Web application firewalls.

ServerlessGoat Java

By Andreas Dann

We released a Java adaptation of the OWASP Serverless Goat in our GitHub repo.

The Myth of False Positives in Static Application Security Testing

By Johannes Späth

In this article, we explain the myth behind false positives and discuss two types of false positives.

Security vulnerabilities in the Corona-Warn-App

By Manuel Benz

Now that the Corona app is officially released, we are allowed to share our insights.

Security vulnerabilities in the Corona-Warn-App

By Manuel Benz

Now that the Corona app has been officially released, we are allowed to talk about our results.
