This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Docker Top 10"

From OWASP
Jump to: navigation, search
m
m
Line 3: Line 3:
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 
==Project About==
 
<span style="color:#ff0000">
 
{{:Projects/OWASP_Example_Project_About_Page}}
 
 
  
 
==About Docker Top 10==
 
==About Docker Top 10==
The OWASP Docker Top 10 is giving you ten bullet points to plan and implement a secure docker container environment. The 10 bullet points are ordered by relevance. They don't represent risks as each single point in the OWASP Top 10, they represent security controls. The controls range from baseline security to more advanced controls, depended on your security requirements.
+
The OWASP Docker Top 10 project is giving you ten bullet points to plan and implement a secure docker container environment. Those 10 points are ordered by relevance. They don't represent risks as each single point in the OWASP Top 10, they represent security controls. The controls range from baseline security to more advanced controls, depended on your security requirements.
  
You should use it as a guidance in the design phase as a system specification or for auditing a docker environment. Also for procurement it could provide a basis for specifying requirements in contracts.
+
You should use it as a  
 +
* guidance in the design phase as a system specification or  
 +
* for auditing a docker environment,
 +
* also for procurement it could provide a basis for specifying requirements in contracts.
  
  
Line 29: Line 27:
  
 
==Licensing==
 
==Licensing==
 +
 +
To be decided
 
<!--
 
<!--
 
<span style="color:#ff0000">
 
<span style="color:#ff0000">
Line 38: Line 38:
  
 
==Roadmap==
 
==Roadmap==
As of <strong>August 2018, the highest priorities for the next 3 months</strong> are:
+
As of <strong>September 2018</strong>, the highest priorities for the next 3 months are:
 
<strong>
 
<strong>
* Complete the first draft of the Documentation
+
* Publish and work on a first draft of the documentation
* Get other people involved to review the Documentation and provide feedback
+
* Complete this first draft
* Incorporate feedback into the Documentation
+
* Get other people involved to review the documentation and provide feedback
 +
* Incorporate feedback into the documentation
 
* First Release
 
* First Release
 
</strong>
 
</strong>
Line 49: Line 50:
 
<strong>
 
<strong>
 
* Go from Draft to Release  
 
* Go from Draft to Release  
* Being Promoted from an Incubator Project to a Lab Project
+
* Being promoted from an Incubator Project to a Lab Project
 
</strong>
 
</strong>
  
 
==Getting Involved==
 
==Getting Involved==
  
For all communication, releases and more please use [https://github.com/OWASP/Docker-Top-10 github]
+
For all communication, releases and more please use [https://github.com/OWASP/Docker-Top-10 Github]
  
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
Line 60: Line 61:
 
== Project Resources ==
 
== Project Resources ==
  
Actions take place @ [https://github.com/OWASP/Docker-Top-10 Github]
+
'''Github'''<br />
 
+
* Actions take place @ [https://github.com/OWASP/Docker-Top-10 Github]
Dirk Wetter: [https://2018.appsec.eu/presos/DevOps_Docker_201_Security_Dirk-Wetter_AppSecEU2018.pdf Slides of Presentation]  at OWASP AppSec Europe 2018
+
<br />
 +
'''Slides'''<br />
 +
* Dirk Wetter: [https://2018.appsec.eu/presos/DevOps_Docker_201_Security_Dirk-Wetter_AppSecEU2018.pdf Slides of Presentation]  at OWASP AppSec Europe 2018
  
Jack Mannino and Abdullah Munawar: [https://2018.appsec.eu/presos/DevOps_Securing-Containers_Jack-Mannino_Abdullah-Munawar_AppSecEU2018.pptx Slides of Presentation]  at OWASP AppSec Europe 2018
+
* Jack Mannino and Abdullah Munawar: [https://2018.appsec.eu/presos/DevOps_Securing-Containers_Jack-Mannino_Abdullah-Munawar_AppSecEU2018.pptx Slides of Presentation]  at OWASP AppSec Europe 2018
  
 
== Project Leader ==
 
== Project Leader ==

Revision as of 10:02, 1 September 2018

OWASP Project Header.jpg

About Docker Top 10

The OWASP Docker Top 10 project is giving you ten bullet points to plan and implement a secure docker container environment. Those 10 points are ordered by relevance. They don't represent risks as each single point in the OWASP Top 10, they represent security controls. The controls range from baseline security to more advanced controls, depended on your security requirements.

You should use it as a

  • guidance in the design phase as a system specification or
  • for auditing a docker environment,
  • also for procurement it could provide a basis for specifying requirements in contracts.


Description

Licensing

To be decided

Roadmap

As of September 2018, the highest priorities for the next 3 months are:

  • Publish and work on a first draft of the documentation
  • Complete this first draft
  • Get other people involved to review the documentation and provide feedback
  • Incorporate feedback into the documentation
  • First Release

Subsequent Releases will add

  • Go from Draft to Release
  • Being promoted from an Incubator Project to a Lab Project

Getting Involved

For all communication, releases and more please use Github

Project Resources

Github


Slides

Project Leader

Dirk Wetter

Related Projects
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Docker_Top_10&oldid=243090"