/serverless-webflaws

Primary language: JavaScript. License: MIT.

Serverless Web Vulnerability Demonstration

Featuring Gatsby Functions

This repository is a companion to the Securing your Gatsby Serverless Functions livestream, hosted by Queen Raae [https://queen.raae.codes] on July 29, 2021. We will discuss web security and best practices for securing your Gatsby Serverless Functions! The examples in this repository will be used to demonstrate how to identify, exploit, and fix common web security flaws.

Livestream at: https://www.crowdcast.io/e/securing-your-gatsby/register

To get started:

npm install
npm run develop

View the demonstration at http://localhost:8000

The repository highlights several common web vulnerabilities that can affect serverless functions, including:

  • JSON Web Token (JWT) tampering
  • Insecure Direct Object Reference (IDOR)
  • Server Side Request Forgery (SSRF)
  • Cross-Site Request Forgery (CSRF)
  • Remote Command/Code Execution (RCE)
  • Insecure Deserialization

This repository is for educational purposes only and includes code with known security vulnerabilities. Use at your own risk!