Attacking AWS Serverless Applications

4th of July Sale: Use coupon “FIREWORKS15” and get 15% off on Pro and Pro Plus Individual Annual Plans.
Learning Path
AWS Security
Ideal for
Cloud Engineer
Cloud Labs

Serverless applications function very differently from traditional ones, both when it comes to operation and the security measures they employ. The fact that serverless apps are structured as numerous small functions creates new opportunities for intruders to exploit the greater attack surface. This course will take both Red and Blue Team approaches to serverless security in AWS, so you’ll learn not just how to passively protect apps, but actively use attackers’ strategies against them.

This course on AWS Serverless App Security begins with a look at the top 10 vulnerabilities in serverless architectures, similar to the OWASP Top 10. In the Red Team section, you’ll learn how to exploit insecure applications using many of the most severe flaws present in serverless.

The Blue Team approach will have us going through methods of securing serverless applications, including identity and access management, secrets management, and logging and monitoring functions. Finally, we’ll explore serverless vulnerability assessment for SAST, DAST and SCA, as well as CI/CD for serverless functions.

Every individual section in this course features extensive hands-on labs to showcase real-world scenarios and get you to practically try out everything you learn. Our material is a distillation of years of security testing experience, knowledge, and original research across our entire team. Once you’ve completed this course, you’ll be able to take what you’ve learned here and implement it directly in a modern AWS serverless stack.

You might also like these courses

Or explore these Learning Paths


Insecure Deserialization
Event Injection with XXE

Hands-on. Defensive. Bleeding-Edge.

There's no other training platform that does all three. Except AppSecEngineer.
Get Our Newsletter
Get Started

Contact Support

1603 Capitol Avenue,
Suite 413A #2898,
Cheyenne, Wyoming 82001,
United States

Copyright AppSecEngineer © 2023