This article comes (relatively) close on the heels of my talk at AppSec California. The talk was: "An Attacker's Perspective of Serverless and GraphQL Applications"The slides for that talk are available here As I was preparing for the talk. I had a project, ThreatPlaybook, that we needed to revamp.