This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Los Angeles/2009 Meetings/February 18

Jump to: navigation, search

Topic: Cloud Computing and Security

Speaker: Alex Stamos

Alex Stamos is a co-founder and Partner at iSEC Partners Inc., a strategic digital security organization. Alex is an experienced security engineer specializing in solving difficult problems in application security and is a leading researcher in the field of web application and mobile security. He has been a featured speaker at top industry conferences such as Black Hat, Web 2.0 Expo, CanSecWest, DefCon, SyScan, SD Best Practices, Microsoft BlueHat and OWASP App Sec. Alex is a contributing author to "Hacking Exposed: Web 2.0" and an author of the upcoming book "Mobile Application Security", both from McGraw-Hill. He holds a BSEE from the University of California, Berkeley.

Abstract: Cloud Computing and Security

Cloud Computing and Security
The Cloud Computing and Software as a Service models are driving many companies to build innovative, scalable and cost effective alternatives to the traditional IT computing model. Even with the potential cost and scalability benefits of cloud computing, its use by more traditional enterprises has been retarded by the concerns of their professional security and audit staffs. In our experience these concerns are legitimate, and although surveys have shown that security is the #1 factor preventing adoption of cloud computing, there has been very little reliable discussion of the technical security risks inherent in the model and how engineers, sys-admins and architects can deal with these risks.

In this session, we will explore the widely differing security models of the leading cloud computing providers, including Amazon, Google and Salesforce. We will also reveal the significant differences in operational and application security practices necessary to deal with a cloud computing environment.