# LESSONS
This tutorial assumes the reader has basic knowledge of serverless and security concepts. It is recommended to first review the [OWASP Serverless Top 10 project](https://www.owasp.org/index.php?title=OWASP_Serverless_Top_10_Project) and the [report](https://github.com/OWASP/Serverless-Top-10-Project/), reviewing common weaknesses in serverless architecture.

Please also note that this tutorial covers only a *small portion* of the vulnerabilities that exist in the DVSA. There are **dozens more vulnerabilities and scenarios** that are not covered in the tutorial and you are *encouraged* to find **and document** more vulnerabilities that you find.

Good luck!


### [LESSON #1: Event Injection](../LESSONS/LESSON_01.md)
### [LESSON #2: Broken Authentication](../LESSONS/LESSON_02.md)
### [LESSON #3: Sensitive Data Exposure](../LESSONS/LESSON_03.md)
### [LESSON #4: Insecure Cloud Configurations](../LESSONS/LESSON_04.md)
### [LESSON #5: Broken Access Control](../LESSONS/LESSON_05.md)
### [LESSON #6: Denial of Service (DoS)](../LESSONS/LESSON_06.md)
### [LESSON #7: Over-Privileged Functions](../LESSONS/LESSON_07.md)
### [LESSON #8: Logic Vulnerabilities](../LESSONS/LESSON_08.md)
### [LESSON #9: Vulnerable Dependencies](../LESSONS/LESSON_09.md)
### [LESSON #10: Unhandles Exceptions](../LESSONS/LESSON_10.md)