This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cloud-10 Guidelines

From OWASP
Jump to: navigation, search


Guideline Document

1. Development / Environment Setting

a) Developer Access

  1. Jump Server
    1. Multi factor Autch
    2. VPN/Cert based Authc

2. Architecture

  1. Tiering
  2. Communicaiton
    1. between zones
    2. within tiers
    3. ACLs
  3. AuthC/Identity
  4. Encryption
  5. Integration
    1. Web Services
    2. VPN based
  6. WAF

3. Deployment and Testing

  1. Hardening

4. Operations

  1. Patching

Use Cases

  1. Deploying Third Party
  2. Building Your Own Application


Target Providers

  1. Savvis - Shankar
  2. Amazon EC2 - Vinay
  3. Google Apps - Pankaj


Timelines

1. Initial Draft from Shankar - Nov 29nd

2. Initial Draft from Vinay - Dec 9th

Retrieved from "https://wiki.owasp.org/index.php?title=Cloud-10_Guidelines&oldid=121185"