This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Cloud Security Mentor"
Kurmiashish (talk | contribs) (Restoring the earlier UI layout) |
Kurmiashish (talk | contribs) m (Updating timelines) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 2: | Line 2: | ||
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | ||
| − | |||
| Line 23: | Line 22: | ||
Apache License 2.0<span style="color:#ff0000"> | Apache License 2.0<span style="color:#ff0000"> | ||
==Roadmap== | ==Roadmap== | ||
| − | 2019 Q1: | + | 2019 Q1 & Q2: |
* Seek input on the project proposal from other members of the community | * Seek input on the project proposal from other members of the community | ||
* Come up with the design and architecture for the technological framework that would be used for authoring cloud security tutorials | * Come up with the design and architecture for the technological framework that would be used for authoring cloud security tutorials | ||
| − | 2019 | + | 2019 Q3: |
* Choose a cloud service, a set of applicable vulnerabilities, and a public cloud service provider for the initial implementation. | * Choose a cloud service, a set of applicable vulnerabilities, and a public cloud service provider for the initial implementation. | ||
* Complete a PoC for the generic technological framework using a cloud vulnerability identified step #1. | * Complete a PoC for the generic technological framework using a cloud vulnerability identified step #1. | ||
| − | 2019 | + | 2019 Q4: |
* Improve the framework engineering fundamentals (reliability, performance, logging, etc.) if required | * Improve the framework engineering fundamentals (reliability, performance, logging, etc.) if required | ||
* Leverage the framework for authoring tutorials for all chosen vulnerabilities from step #1 of the 2019 Q2 plan | * Leverage the framework for authoring tutorials for all chosen vulnerabilities from step #1 of the 2019 Q2 plan | ||
| − | + | 2020 Q1: | |
| − | * Continue with the 2019 | + | * Continue with the 2019 Q4 #2 objective |
* Extend the project to cover other cloud resources under the chosen public cloud provider | * Extend the project to cover other cloud resources under the chosen public cloud provider | ||
<span style="color:#ff0000"> | <span style="color:#ff0000"> | ||
| Line 46: | Line 45: | ||
== Project Resources == | == Project Resources == | ||
| − | [https://github.com/OWASP/Cloud-Security-Mentor | + | [https://github.com/OWASP/Cloud-Security-Mentor Installation Package] |
[https://github.com/OWASP/Cloud-Security-Mentor Source Code] | [https://github.com/OWASP/Cloud-Security-Mentor Source Code] | ||
| − | [https://github.com/OWASP/Cloud-Security-Mentor | + | [https://github.com/OWASP/Cloud-Security-Mentor What's New (Revision History)] |
[https://www.owasp.org/index.php/OWASP_Cloud_Security_Mentor Documentation] | [https://www.owasp.org/index.php/OWASP_Cloud_Security_Mentor Documentation] | ||
Latest revision as of 04:54, 22 May 2019
|
OverviewWith the rise of cloud computing, a lot of companies have moved their workload to the cloud. Cloud allows organizations of all sizes to manage their application lifecycle more effectively and efficiently. Because of its design, Cloud has its own set of unique security challenges. There is already an abundance of documentation and open source projects to raise awareness about cloud-specific security issues. Sometimes, consuming this information may feel like drinking from a firehose. This project aims to teach the cloud security fundamentals in a consolidated and actionable manner. The primary goal of the project is to empower cloud defenders with practical cloud security knowledge. This project provides hands-on cloud security tutorials that the audience can conveniently consume in their public cloud accounts to learn at their own pace. The target audience for this project are system administrators, software developers, and solutions architects. DescriptionThe project would deliver a code repository which would describe various cloud hardening principles. The repository would also contain an application utility to demonstrate common cloud vulnerabilities and with the recommended fixes. At a high-level, the project would be divided into multiple Cloud resources such as Storage, Compute, etc. Inside these folders, there will be subfolders describing various vulnerabilities applicable to the cloud resource. Inside these subfolders, we will have one folder for each public cloud provider to demonstrate the vulnerability as well as the recommended security fix. The audience would follow these steps to learn about a cloud vulnerability:
LicensingApache License 2.0 Roadmap2019 Q1 & Q2:
2019 Q3:
2019 Q4:
2020 Q1:
Getting InvolvedIf you would like to contribute, then please get in touch with the project leader. |
Project ResourcesProject LeaderAshish Kurmi Related ProjectsClassifications
| |||||||
