This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Category:OWASP CSA Project

From OWASP
Revision as of 17:57, 25 June 2009 by MichaelCoates (talk | contribs) (Added comment for page 72)

Jump to: navigation, search

Last Updated: 6/25/2009

Mission of CSA_Project Collective To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing

Primary Project Website: http://www.cloudsecurityalliance.org
Project leaders: Warren Axelrod & Michael Sutton

Version 1.0 Document: Get it Now

Deadline for RFC July 8th 2009

If you would like to contribute to this effort as a OWASP voice of Industry/Projects you can and its VERY simple to get started.

Step #1 - Review V1.0 http://www.cloudsecurityalliance.org/guidance/csaguide.pdf

Step #2 - Condense your written comments, references for improvement and suggestions and review/post them to the WIKI - http://www.owasp.org/index.php/Category:OWASP_CSA_Project. This location will be monitored by CSA for inclusion into Version 2.0

Step #3 - Add your name to the wiki page if you would like to work on this effort. The goal is to utilize the experts at OWASP to review and comment as a collective group and reference OWASP existing materials to help the CSA effort and to raise awareness to others about OWASP.

Name/eMail/Phone

Tom Brennan/tomb(at)owasp.org/9732020122 Michael Coates/michael.coates(at)owasp.org/6302072567

Comments on the Domain 11: Application Security Page 65-71

Page # Comment Your Name
72 The second sentence of the Issuance and Guidance on page 72 is misleading and factually incorrect. "Encrypted data is intrinsically protected; if someone has the data without its corresponding keys, they cannot use the data at all." Encrypting data will guarantee that the data is not viewed or modified by a party that does not possess the corresponding keys. However, encrypted data can be used in reply attacks. As such, it is imperative that the transfer of encrypted data utzilize secure tokens and timestamps to ensure the transmission is not subject to replay attacks. The use of SSL/TLS for data transmission will provide both encryption of data and protection against replay attacks.Michael Coates
page# Comment Here Name here


This category currently contains no pages or media.

Retrieved from "https://wiki.owasp.org/index.php?title=Category:OWASP_CSA_Project&oldid=64912"