OWASP Cloud Security Mentor
With the rise of cloud computing, a lot of companies have moved their workload to the cloud. Cloud allows organizations of all sizes to manage their application lifecycle more effectively and efficiently. Because of its design, Cloud has its own set of unique security challenges. There is already an abundance of documentation and open source projects to raise awareness about cloud-specific security issues. Sometimes, consuming this information may feel like drinking from a firehose. This project aims to teach the cloud security fundamentals in a consolidated and actionable manner. The primary goal of the project is to empower cloud defenders with practical cloud security knowledge. This project provides hands-on cloud security tutorials that the audience can conveniently consume in their public cloud accounts to learn at their own pace. The target audience for this project are system administrators, software developers, and solutions architects.
The project would deliver a code repository which would describe various cloud hardening principles. The repository would also contain an application utility to demonstrate common cloud vulnerabilities and with the recommended fixes. At a high-level, the project would be divided into multiple Cloud resources such as Storage, Compute, etc. Inside these folders, there will be subfolders describing various vulnerabilities applicable to the cloud resource. Inside these subfolders, we will have one folder for each public cloud provider to demonstrate the vulnerability as well as the recommended security fix.
The audience would follow these steps to learn about a cloud vulnerability:
Apache License 2.0
2019 Q1 & Q2:
If you would like to contribute, then please get in touch with the project leader.