This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Cloud-Native Application Security Top 10"
(→Project Sponsors) (Tag: Visual edit) |
(→Introduction) (Tag: Visual edit) |
||
| (7 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
== Introduction== | == Introduction== | ||
| − | Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, cloud functions (serverless), service meshes, micro-services, immutable infrastructure, and declarative APIs exemplify this approach. Cloud-Native Applications is a fundamentally new and exciting approach to designing and building software. However, it also raises a completely new set of security challenges. For example, when you move to a microservice model, end-to-end visibility, monitoring and detection become more complex and difficult to execute. | + | Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, cloud functions (serverless), service meshes, micro-services, immutable infrastructure, and declarative APIs exemplify this approach. Cloud-Native Applications is a fundamentally new and exciting approach to designing and building software. However, it also raises a completely new set of security challenges. For example, when you move to a microservice model, end-to-end visibility, monitoring and detection become more complex and difficult to execute. |
| + | |||
| + | '''Note:''' This project is a continuation of a previous project - "[https://www.puresec.io/press_releases/sas_top_10_2018_released The Serverless Security Top 10 Most Common Weaknesses Guide]", which was released on January 17th 2018 by PureSec, with collaboration of industry thought leaders from: IBM, iRobot, Denim Group, Cisco, Nordstrom, Asurion, Capital One, Microsoft, Check Point, A Cloud Guru and Cloud Academy. | ||
== Purpose == | == Purpose == | ||
| Line 12: | Line 14: | ||
==Licensing== | ==Licensing== | ||
| − | + | The OWASP Cloud-Native Top 10 is free for use. It is licensed under the [http://creativecommons.org/licenses/by-sa/4.0/ Creative Commons Attribution-ShareAlike 4.0 license] (CC BY-SA 4.0). | |
| + | |||
| + | == Roadmap == | ||
| + | * '''29-SEP-2018''': Initial draft | ||
| + | * '''8-NOV-2018''': Alpha release / Official public call | ||
| + | * '''27-DEC-2019''': End of public call / Processing data collected | ||
| + | * '''18-FEB-2019''': Release candidate for review | ||
| + | * '''27-MAR-2019''': Official release | ||
== Project Sponsors == | == Project Sponsors == | ||
The project is sponsored by: | The project is sponsored by: | ||
| − | [[File:PureSec-Logo.png|frameless]] | + | [[File:PureSec-Logo.png|frameless|link=https://www.puresec.io/]] |
==Getting Involved== | ==Getting Involved== | ||
You do not have to be a security expert or a programmer to contribute. Contact the Project Leader(s) to get involved, we welcome any type of suggestions and comments. | You do not have to be a security expert or a programmer to contribute. Contact the Project Leader(s) to get involved, we welcome any type of suggestions and comments. | ||
| Line 31: | Line 40: | ||
== Project Leader == | == Project Leader == | ||
| − | [[User:Orysegal|Ory Segal]] | + | [[User:Orysegal|Ory Segal]] ([mailto:[email protected] email]) |
| + | |||
| + | == Project Mailing List == | ||
| + | [https://lists.owasp.org/mailman/listinfo/owasp-cloud-native-application-security-top-10 Mailing List] | ||
| + | |||
| + | == Github Repo == | ||
| + | [https://github.com/OWASP/Cloud-Native-Application-Security-Top-10 Github] | ||
== Related Projects == | == Related Projects == | ||
Latest revision as of 05:29, 27 September 2018
IntroductionCloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, cloud functions (serverless), service meshes, micro-services, immutable infrastructure, and declarative APIs exemplify this approach. Cloud-Native Applications is a fundamentally new and exciting approach to designing and building software. However, it also raises a completely new set of security challenges. For example, when you move to a microservice model, end-to-end visibility, monitoring and detection become more complex and difficult to execute. Note: This project is a continuation of a previous project - "The Serverless Security Top 10 Most Common Weaknesses Guide", which was released on January 17th 2018 by PureSec, with collaboration of industry thought leaders from: IBM, iRobot, Denim Group, Cisco, Nordstrom, Asurion, Capital One, Microsoft, Check Point, A Cloud Guru and Cloud Academy. PurposeThe primary goal of this document is to provide assistance and education for organizations looking to adopt Cloud-Native Applications. The guide provides information about what are the most prominent security risks for Cloud-Native applications, the challenges involved, and how to overcome them. LicensingThe OWASP Cloud-Native Top 10 is free for use. It is licensed under the Creative Commons Attribution-ShareAlike 4.0 license (CC BY-SA 4.0). Roadmap
Project SponsorsThe project is sponsored by:
Getting InvolvedYou do not have to be a security expert or a programmer to contribute. Contact the Project Leader(s) to get involved, we welcome any type of suggestions and comments. Possible ways to get contribute:
|
Project ResourcesTBD Project LeaderProject Mailing ListGithub RepoRelated ProjectsClassifications
| |||||||
