Security experts in an organization usually underestimate the presence of unauthorized cloud infrastructure …
Checkout Serverless Goat for Java and train your security skills. The code is available under https://github.com/CodeShield-Security/Serverless-Goat-Java.
The OWASP (Open Web Application Security Project) is a well-known nonprofit foundation for software security. The OWASP Top Ten is a de-facto standard for web application security. It defines the top ten most critical security risks.
In 2017, the OWASP firstly published the OWASP Top 10 Serverless Interpretations and the Serverless Security Top 10 Weaknesses guide. These guides adjust the well-known OWASP Top Ten to address the new challenges of serverless applications and new serverless security flaws.
- Make sure you are logged into your AWS account
- Click on the following link: AWS Serverless Application Repository
- Wait until you see the message
Your application has been deployed
- Click on
View CloudFormation Stack
Outputsyou will find the URL for the application (WebsiteURL)
Run ServerlessGoat for Java locally
The repository contains a detailed Readme.md.
- Install AWS Sam in version > 1.3.2
- Checkout the GitHub repository
git clone https://github.com/CodeShield-Security/Serverless-Goat-Java.git
- Build the application
- Execute the application locally
sam local invoke
ServerlessGoat was initially created and contributed to OWASP by Yuri Shapira & Ory Segal, PureSec. ServerlessGoat for Java was adapted by Manuel Benz and Johannes Spaeth.