Protego Labs Launches Damn Vulnerable Serverless Application

Company Donates First Ever Realistic Serverless Security Testing App to OWASP

Baltimore, MD – January 8, 2019 – Protego Labs announced today the launch of the Damn Vulnerable Serverless Application (DVSA). This open-source tool is the first real-world serverless testing application available and is designed to help security professionals test their skills and tools, help developers better understand the processes of securing serverless applications, and assist both students and teachers in learning about serverless application security in a controlled classroom environment.

“While many companies are adopting serverless technologies and approaches, security for serverless is largely uncharted territory as traditional security methods aren’t applicable in serverless environments,” said Tal Melamed, head of security research, Protego Labs. “The DVSA enables serverless practitioners to see vulnerabilities and test the defenses of serverless applications while learning almost everything they need to know about serverless application security.”

Developed by Protego Labs and donated to the Open Web Application Security Project (OWASP), DVSA is easily installed and allows users to practice some of the most common serverless vulnerabilities through a simple interface. The application includes both documented and undocumented vulnerabilities and encourages the discovery of others.

The DVSA tool includes a variety of cloud resources, from functions to databases, simple storage, queues, email services and more. The application backend includes exposed and unexposed functions, administrative back-office, mock external APIs, as well as a modern front-end that includes authentication and email interaction with users.

This vulnerable application contains the most common security risks, including over-privileged roles, insecure configurations, broken access control, vulnerable dependencies. Serverless practitioners can attempt various attacks such as injection attacks and DoS.

This is the second project Protego Labs has led with OWASP. Last year, Protego Labs launched the OWASP Serverless Top 10, a report designed to be a first look into the leading risks in serverless security and to serve as a baseline for the official OWASP Serverless Top 10.

Also in 2018, Protego Labs launched a free  version of its serverless security solution—complete with all functionality—enabling companies to build secure applications from the get-go and save time by automating complex tasks such as configuration of function permissions. The company also won the Startup Competition for the most innovative cyber initiative at the Cybertech Tel Aviv Conference, was named a 2019 Company to Watch by SDTimes Magazine, received Frost & Sullivan’s 2018 Global New Product Innovation Award, and is currently nominated for Best Cybersecurity Startup in the Cyber Excellence Awards.

About Protego

Recognizing the inadequacy of traditional application security paradigms, Protego Labs designed the first comprehensive solution built with the unique constraints and opportunities of serverless in mind. Through continuous serverless security posture, dynamic serverless intelligence, and elastic defense, Protego helps organizations achieve control over the security of their applications. For more information, visit

Press Contact

Matthew Pugh

Share This Article
Share on facebook
Share on linkedin
Share on twitter
Share on email

Join industry experts as they discuss all things serverless including industry news and best practice tips.