Difference between revisions of "Category:OWASP Cloud ‐ 10 Project"

From OWASP
Jump to: navigation, search
Line 7: Line 7:
 
Audience for the project will be organizations planning on leveraging external cloud environment to host their applications or rent application in a SaaS model (Software as a Service). Aim of the "OWASP Cloud-10" list is to help balance security risks with the cost advantage that the Cloud and SaaS model provides.  We expect the Cloud and SaaS providers to be indirect audience for "OWASP Cloud-10", when they try to showcase their security controls to potential customers against this list.
 
Audience for the project will be organizations planning on leveraging external cloud environment to host their applications or rent application in a SaaS model (Software as a Service). Aim of the "OWASP Cloud-10" list is to help balance security risks with the cost advantage that the Cloud and SaaS model provides.  We expect the Cloud and SaaS providers to be indirect audience for "OWASP Cloud-10", when they try to showcase their security controls to potential customers against this list.
  
==Managing OWASP Cloud-10 List==
+
==Managing OWASP Cloud-10 List (Pre-Alpha)==
 
“OWASP Cloud-10” list will be maintained by input from, community,  security experts and security incidences at cloud/SaaS providers.  
 
“OWASP Cloud-10” list will be maintained by input from, community,  security experts and security incidences at cloud/SaaS providers.  
 
   
 
   

Revision as of 20:15, 13 July 2009

Main

Goal

Goal of the project is to maintain a list of top 10 security risks faced with the Cloud Computing and SaaS Models. List will be maintained by input from community, security experts and security incidences at cloud/SaaS providers.

Audience

Audience for the project will be organizations planning on leveraging external cloud environment to host their applications or rent application in a SaaS model (Software as a Service). Aim of the "OWASP Cloud-10" list is to help balance security risks with the cost advantage that the Cloud and SaaS model provides. We expect the Cloud and SaaS providers to be indirect audience for "OWASP Cloud-10", when they try to showcase their security controls to potential customers against this list.

Managing OWASP Cloud-10 List (Pre-Alpha)

“OWASP Cloud-10” list will be maintained by input from, community, security experts and security incidences at cloud/SaaS providers.

Each of the identified risk in "OWASP Cloud-10" will provide details on:

  • Various Risk Scenarios
  • Possible Mitigations and Security Controls
  • Real World Examples
  • Reference to any related Incident


OWASP Cloud-10 List

A draft list of candidate top 10 risks will be posted here

Roadmap (Status)

Alpha State

  1. Identify and publish a first draft of potential "OWASP Cloud-10" candidates (July 2009)
  2. Ask contributors to collect more data and details on each of the risk item. (till Aug 2009)
  3. Get initial community feedback by discussing it in various blogs, discussion forums etc. (till Aug-Sept 2009)

Beta State

  1. Publish the first (beta) list of "OWASP Cloud-10" (Oct 2009)
  2. Identify additional candidates
  3. ……. (repeat steps as in Alpha)


Reference

Related Efforts

  1. Cloud Security Alliance - http://www.cloudsecurityalliance.org/


Related OWASP Projects

  1. OWASP Top Ten Project
  2. OWASP Legal Project


Contributors

Project Leader
Vinay Bansal

Project Contributors
Shankar Babu Chebrolu|
Martin Nystrom
Jim Born


Project Identification

Category:OWASP Cloud‐10 Project - Project Information Page



Subcategories

This category has the following 2 subcategories, out of 2 total.

C

O

Retrieved from "https://wiki.owasp.org/index.php?title=Category:OWASP_Cloud_‐_10_Project&oldid=65853"