This serverless application demonstrates common serverless security flaws as described in the Serverless Security Top 10 Weaknesses guide. Teach developers & security practitioners about common serverless application layer risks and weaknesses. Educate on how serverless application layer weaknesses can be exploited. Teach developers & security practitioners about serverless security best-practices. You can find more information about WebGoat at: https://www.owasp.org/index.php/OWASP_Serverless_Goat
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
QIRA is a competitor to strace and gdb with MIT license, supporting Ubuntu and Docker for wider compatibility.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.