Intentionally Vulnerable Serverless Functions to understand the specifics of Serverless Security Vulnerabilities
A DHIY (Deploy and Hack It Yourself) Project that you can deploy and run a bunch of 'orribly insecure functions on AWS Lambda
This project is great for you, if:
This project is not for you, if:
chalice
(meant for python on AWS Lambda). Deployment of these functions to your lambda environment is reasonably simplePlease use in personal/non-production accounts only We do not take responsibility for the way in which any one uses these functions (DVFaaS). We have made the purposes of the application clear and it should not be used maliciously. We have given warnings and taken measures to prevent users from installing DVFaaS on to production accounts. You are responsible for requisite authorizations (if any) that you will need to run this on your AWS account.
git clone <URL>
pipenv install
to install all depsops
which is used to manage deploymentshttpie
as the http client as its command line and really easy to use.chalice
folder that is recognized by chalice for the purposes of deployment..chalice/config.json
file to configure the deployment. Please read each lab's README for this info.
This will have to be done, post deployment (which is the ops
directories where applicable)chalice deploy
command which will push your Lambda function to your AWS account: