Virtualization Technology News and Information
Protego Labs Launches Damn Vulnerable Serverless Application

Protego Labs announced the launch of the Damn Vulnerable Serverless Application (DVSA). This open-source tool is the first real-world serverless testing application available and is designed to help security professionals test their skills and tools, help developers better understand the processes of securing serverless applications, and assist both students and teachers in learning about serverless application security in a controlled classroom environment.

"While many companies are adopting serverless technologies and approaches, security for serverless is largely uncharted territory as traditional security methods aren't applicable in serverless environments," said Tal Melamed, head of security research, Protego Labs. "The DVSA enables serverless practitioners to see vulnerabilities and test the defenses of serverless applications while learning almost everything they need to know about serverless application security."

Developed by Protego Labs and donated to the Open Web Application Security Project (OWASP), DVSA is easily installed and allows users to practice some of the most common serverless vulnerabilities through a simple interface. The application includes both documented and undocumented vulnerabilities and encourages the discovery of others.

The DVSA tool includes a variety of cloud resources, from functions to databases, simple storage, queues, email services and more. The application backend includes exposed and unexposed functions, administrative back-office, mock external APIs, as well as a modern front-end that includes authentication and email interaction with users.

This vulnerable application contains the most common security risks, including over-privileged roles, insecure configurations, broken access control, and vulnerable dependencies. Serverless practitioners can attempt various attacks such as injection attacks and DoS.

This is the second project Protego Labs has led with OWASP. Last year, Protego Labs launched the OWASP Serverless Top 10, a report designed to be a first look into the leading risks in serverless security and to serve as a baseline for the official OWASP Serverless Top 10.

Also in 2018, Protego Labs launched a free version of its serverless security solution, complete with all functionality, enabling companies to build secure applications from the get-go and save time by automating complex tasks such as configuration of function permissions.
Published Thursday, January 10, 2019 7:01 AM by David Marshall