Deliberately-vulnerable applications gained popularity in recent years for the purpose of learning and demonstrating application security concepts. Years ago, OWASP launched the WebGoat project, which has since become the gold standard and to this day is still one of the most popular platforms for teaching web application security.
The Open Web Application Security Project (OWASP) recently launched the serverless counterpart to WebGoat, named ServerlessGoat, which was contributed by serverless security vendor PureSec.