This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Serverless Top 10 Project"
(test1) |
(desc) |
||
| Line 7: | Line 7: | ||
== About == | == About == | ||
| − | + | When adopting serverless technology, we eliminate the need to develop a server to manage our application. By doing so, we also pass some of the security threats to the infrastructure provider such as AWS, Azure or Google Cloud. In addition to the many advantages of serverless application development, such as cost and scalability, some security aspects are also handed to our service provider, which can usually be trusted. Serverless services, like AWS Lambda, Azure Functions, Google Cloud Functions and IBM Cloud Functions, run code without provisioning or managing servers and the code is executed only when needed. | |
| + | |||
| + | However, even if these applications are running without a managed server, they still execute code. If this code is written in an insecure manner, it can still be vulnerable to application-level attacks. | ||
| + | |||
| + | The OWASP Serverless Top 10 report will examine the differences in attack vectors, security weaknesses, and the business impact of application attacks on in the serverless world, and, most importantly, the report will suggest ways to to prevent them. As we will be able to see in the report, attack and defense techniques are different from what we used to in the traditional application world. | ||
| + | |||
| + | |||
==Purpose== | ==Purpose== | ||
| − | + | OWASP Serverless Top 10 aims at educating practitioners and organizations about the consequences of the most common serverless application security vulnerabilities, as well as providing basic techniques to identify and protect against them. | |
| − | |||
{{Template:PutInCategory}} | {{Template:PutInCategory}} | ||
| Line 117: | Line 122: | ||
= Get involved = | = Get involved = | ||
| − | + | Get involved in <strong> OWASP Serverless Top 10</strong>! | |
| − | + | You do not have to be a security expert or a programmer to contribute. Contact the Project Leader(s) to get involved, we welcome any type of suggestions and comments. | |
| − | + | Possible ways to get contribute: | |
| + | * We are actively looking for organizations and individuals that will provide vulnerability prevalence data. | ||
| + | * Translation efforts (later stages) | ||
| + | * Assisting in the development of related tools (e.g. DVSA) | ||
| − | + | Individuals and organizations that will contribute to the project will listed on the acknowledgments page. | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| + | Also, join our [https://lists.owasp.org/mailman/listinfo/owasp-serverless-top-10-project mailing list] | ||
| Line 188: | Line 191: | ||
{{MemberLinks|link=https://www.protego.io|logo=Protego_logo_black.png}} | {{MemberLinks|link=https://www.protego.io|logo=Protego_logo_black.png}} | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | ||
Revision as of 19:55, 30 August 2018
AboutWhen adopting serverless technology, we eliminate the need to develop a server to manage our application. By doing so, we also pass some of the security threats to the infrastructure provider such as AWS, Azure or Google Cloud. In addition to the many advantages of serverless application development, such as cost and scalability, some security aspects are also handed to our service provider, which can usually be trusted. Serverless services, like AWS Lambda, Azure Functions, Google Cloud Functions and IBM Cloud Functions, run code without provisioning or managing servers and the code is executed only when needed. However, even if these applications are running without a managed server, they still execute code. If this code is written in an insecure manner, it can still be vulnerable to application-level attacks. The OWASP Serverless Top 10 report will examine the differences in attack vectors, security weaknesses, and the business impact of application attacks on in the serverless world, and, most importantly, the report will suggest ways to to prevent them. As we will be able to see in the report, attack and defense techniques are different from what we used to in the traditional application world.
PurposeOWASP Serverless Top 10 aims at educating practitioners and organizations about the consequences of the most common serverless application security vulnerabilities, as well as providing basic techniques to identify and protect against them. How to add a new OWASP Serverless Top 10 Project articleYou can follow the instructions to make a new OWASP Serverless Top 10 Project article. Please use the appropriate structure and follow the Tutorial. Be sure to paste the following at the end of your article to make it show up in the OWASP Serverless Top 10 Project category:
[[Category:OWASP Serverless Top 10 Project]] LicensingThe Documentation Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. |
TeamThe OWASP Team
MetaLast Update: 12/2015
Other Resources
|
Classifications
| |||||||
|
<TBD>
|
Related Project Resources
<TDB>
Ongoing Operations
None.
Upcoming Operations
None.
Archived Operations
None at the moment.
Get involved in OWASP Serverless Top 10!
You do not have to be a security expert or a programmer to contribute. Contact the Project Leader(s) to get involved, we welcome any type of suggestions and comments.
Possible ways to get contribute:
- We are actively looking for organizations and individuals that will provide vulnerability prevalence data.
- Translation efforts (later stages)
- Assisting in the development of related tools (e.g. DVSA)
Individuals and organizations that will contribute to the project will listed on the acknowledgments page.
Also, join our mailing list
| PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| |||||||||||||||||||||||||||||||||||
Project About
DescriptionOWASP Serverless Top 10 aims at educating practitioners and organizations about the consequences of the most common serverless application security vulnerabilities, as well as providing basic techniques to identify and protect against them.
LicensingThe OWASP Serverless Top 10 is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 4.0 license (CC BY-SA 4.0).
Roadmap
We will need help along the way. Please contact Project Leaders to get involved.
Project SponsorsThe OWASP Serverless Top 10 project is sponsored by
|
Project ResourcesProject LeaderRelated ProjectsClassifications
|
||||||||||||||||||||||||||||||||||||||||||||||
