This article explores practical examples of vulnerabilities in serverless applications using the OWASP Damn Vulnerable Serverless Application (DVSA). It demonstrates event injection attacks through API Gateway, showing how these vulnerabilities can be exploited to gain unauthorized access and execute malicious code. The effectiveness of AWS security tools in detecting and preventing these vulnerabilities is evaluated. While AWS WAF with default rules proved insufficient in blocking JavaScript code injections, Amazon Inspector successfully identified critical vulnerabilities in both package dependencies and custom code. The article emphasizes the importance of implementing robust security measures in serverless architectures, including proper input validation, secure deserialization practices, and regular vulnerability scanning. It underscores the need for developers and security professionals to stay informed about potential vulnerabilities and leverage available security tools to enhance the protection of serverless applications.
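
The input validation and secure deserialization the article recommends, sketched for a Node.js Lambda behind API Gateway. This is an added example, not code from the article or from DVSA; the field names (`action`, `orderId`), the allowed actions, the size limit and the sample events are assumptions constructed for illustration.

```javascript
// Added example. Request schema (action, orderId), actions and limits are assumed.
const ALLOWED_ACTIONS = new Set(["get", "cancel"]);
const ORDER_ID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;
const MAX_BODY_BYTES = 1024;

// Validate an API Gateway proxy event body. The body is only ever treated as
// data: JSON.parse, never eval, Function, or a deserializer that can revive
// functions. Returns { ok: true, request } or { ok: false, reason }.
function parseOrderRequest(event) {
  let raw = event && event.body;
  if (typeof raw !== "string") return { ok: false, reason: "missing body" };
  if (event.isBase64Encoded) raw = Buffer.from(raw, "base64").toString("utf8");
  if (Buffer.byteLength(raw, "utf8") > MAX_BODY_BYTES)
    return { ok: false, reason: "body too large" };

  let data;
  try { data = JSON.parse(raw); } catch { return { ok: false, reason: "invalid JSON" }; }
  if (data === null || typeof data !== "object" || Array.isArray(data))
    return { ok: false, reason: "body must be an object" };

  // Reject anything outside the schema instead of ignoring it; this also
  // catches keys such as "__proto__" that JSON.parse keeps as own properties.
  const unknown = Object.keys(data).filter((k) => k !== "action" && k !== "orderId");
  if (unknown.length > 0) return { ok: false, reason: "unexpected field" };
  if (typeof data.action !== "string" || !ALLOWED_ACTIONS.has(data.action))
    return { ok: false, reason: "unsupported action" };
  if (typeof data.orderId !== "string" || !ORDER_ID.test(data.orderId))
    return { ok: false, reason: "invalid orderId" };

  // Hand downstream code a fresh object holding only the validated fields.
  return { ok: true, request: { action: data.action, orderId: data.orderId } };
}

// Lambda-style handler: invalid input is refused before any business logic.
async function handler(event) {
  const result = parseOrderRequest(event);
  if (!result.ok) return { statusCode: 400, body: JSON.stringify({ error: result.reason }) };
  return { statusCode: 200, body: JSON.stringify({ accepted: result.request }) };
}

// Constructed sample events (not captured traffic).
const ID = "3f2b8c1e-9a47-4d0e-8b6a-1c2d3e4f5a6b";
const SAMPLE_OK = { body: JSON.stringify({ action: "get", orderId: ID }) };
const SAMPLE_EXTRA = { body: JSON.stringify({ action: "get", orderId: ID, note: "() => 1" }) };
const SAMPLE_TYPE = { body: JSON.stringify({ action: { name: "get" }, orderId: ID }) };
const SAMPLE_B64 = { isBase64Encoded: true, body: Buffer.from(SAMPLE_OK.body).toString("base64") };
```

Because the validator rejects unknown fields and non-string values at the function boundary, it does not depend on a WAF rule in front of API Gateway recognizing the payload.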