This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Docker Top 10"

From OWASP
Jump to: navigation, search
(1st draft: About section)
(Firt draft of Roadmap, more)
Line 10: Line 10:
  
 
==About Docker Top 10==
 
==About Docker Top 10==
<span style="color:#ff0000">
 
 
 
The OWASP Docker Top 10 is giving you ten bullet points to plan and implement a secure docker container environment. The 10 bullet points are ordered by relevance. They don't represent risks as each single point in the OWASP Top 10, they represent security controls. The controls range from baseline security to more advanced controls, depended on your security requirements.
 
The OWASP Docker Top 10 is giving you ten bullet points to plan and implement a secure docker container environment. The 10 bullet points are ordered by relevance. They don't represent risks as each single point in the OWASP Top 10, they represent security controls. The controls range from baseline security to more advanced controls, depended on your security requirements.
  
 
You should use it as a guidance in the design phase as a system specification or for auditing a docker environment. Also for procurement it could provide a basis for specifying requirements in contracts.
 
You should use it as a guidance in the design phase as a system specification or for auditing a docker environment. Also for procurement it could provide a basis for specifying requirements in contracts.
 
</span>
 
  
  
 
==Description==
 
==Description==
 +
<!--
 
<span style="color:#ff0000">
 
<span style="color:#ff0000">
 
This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful.   
 
This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful.   
Line 29: Line 26:
  
 
Contextual custom dictionary builder with character substitution and word variations for pen-testers
 
Contextual custom dictionary builder with character substitution and word variations for pen-testers
 +
-->
  
 
==Licensing==
 
==Licensing==
 +
<!--
 
<span style="color:#ff0000">
 
<span style="color:#ff0000">
 
A project must be licensed under a community friendly or open source license.  For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects.  This example assumes that you want to use the AGPL 3.0 license.
 
A project must be licensed under a community friendly or open source license.  For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects.  This example assumes that you want to use the AGPL 3.0 license.
Line 36: Line 35:
  
 
This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.  OWASP XXX and any contributions are Copyright &copy; by {the Project Leader(s) or OWASP} {Year(s)}.   
 
This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.  OWASP XXX and any contributions are Copyright &copy; by {the Project Leader(s) or OWASP} {Year(s)}.   
 +
-->
  
 
==Roadmap==
 
==Roadmap==
<span style="color:#ff0000">
+
As of <strong>August 2018, the highest priorities for the next 3 months</strong> are:
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:
 
 
<strong>
 
<strong>
* Complete the first draft of the Documentation Project Template
+
* Complete the first draft of the Documentation  
* Get other people to review the Documentation Project Template and provide feedback
+
* Get other people involved to review the Documentation and provide feedback
* Incorporate feedback into changes in the Documentation Project Template
+
* Incorporate feedback into the Documentation  
 
* Finalize the Documentation Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project
 
* Finalize the Documentation Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project
 
</strong>
 
</strong>
Line 49: Line 48:
 
Subsequent Releases will add
 
Subsequent Releases will add
 
<strong>
 
<strong>
* Internationalization Support
+
* Go from Draft to a solid basis
* Additional Unit Tests
+
* Being Promoted from an Incubator Project to a Lab Project
* Automated Regression tests
 
 
</strong>
 
</strong>
  
 
==Getting Involved==
 
==Getting Involved==
<span style="color:#ff0000">
+
 
Involvement in the development and promotion of <strong>Documentation Project Template</strong> is actively encouraged!
+
For all communication, releases and more please use [https://github.com/OWASP/Docker-Top-10 github]
You do not have to be a security expert or a programmer to contribute.
 
Some of the ways you can help are as follows:
 
  
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
  
 
== Project Resources ==
 
== Project Resources ==
<span style="color:#ff0000">
 
This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc.
 
</span>
 
 
[https://github.com/SamanthaGroves Installation Package]
 
 
[https://github.com/SamanthaGroves Source Code]
 
 
[https://github.com/SamanthaGroves What's New (Revision History)]
 
 
[https://github.com/SamanthaGroves Documentation]
 
 
[https://github.com/SamanthaGroves Wiki Home Page]
 
 
[https://github.com/SamanthaGroves Issue Tracker]
 
  
[https://github.com/SamanthaGroves Slide Presentation]
+
[https://2018.appsec.eu/presos/DevOps_Docker_201_Security_Dirk-Wetter_AppSecEU2018.pdf Dirk Wetter: Slides of Presentation at OWASP AppSec Europe 2018]
  
[https://github.com/SamanthaGroves Video]
+
[https://2018.appsec.eu/presos/DevOps_Securing-Containers_Jack-Mannino_Abdullah-Munawar_AppSecEU2018.pptx Jack Mannino and Abdullah Munawar: Slides of Presentation at OWASP AppSec Europe 2018]
  
 
== Project Leader ==
 
== Project Leader ==
<span style="color:#ff0000">
 
A project leader is the individual who decides to lead the project throughout its lifecycle. The project leader is responsible for communicating the project’s progress to the OWASP Foundation, and he/she is ultimately responsible for the project’s deliverables. The project leader must provide OWASP with his/her real name and contact e-mail address for his/her project application to be accepted, as OWASP prides itself on the openness of its products, operations, and members.
 
</span>
 
 
 
Dirk Wetter
 
Dirk Wetter
  
 
== Related Projects ==
 
== Related Projects ==
<span style="color:#ff0000">
+
<!--
This is where you can link to other OWASP Projects that are similar to yours.
 
</span>
 
 
* [[OWASP_Code_Project_Template]]
 
* [[OWASP_Code_Project_Template]]
 
* [[OWASP_Tool_Project_Template]]
 
* [[OWASP_Tool_Project_Template]]
  
 +
--?
 
==Classifications==
 
==Classifications==
  

Revision as of 18:39, 31 August 2018

OWASP Project Header.jpg

Project About

PROJECT INFO
What does this OWASP project offer you? 		RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: N/A
Purpose: N/A
License: N/A
who is working on this project?
Project Leader(s): N/A
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: N/A
Project Roadmap: Not Yet Created
Key Contacts
  • Contact the GPC to contribute to this project
  • Contact the GPC to review or sponsor this project
current release
pending
last reviewed release
pending


other releases


About Docker Top 10

The OWASP Docker Top 10 is giving you ten bullet points to plan and implement a secure docker container environment. The 10 bullet points are ordered by relevance. They don't represent risks as each single point in the OWASP Top 10, they represent security controls. The controls range from baseline security to more advanced controls, depended on your security requirements.

You should use it as a guidance in the design phase as a system specification or for auditing a docker environment. Also for procurement it could provide a basis for specifying requirements in contracts.


Description

Licensing

Roadmap

As of August 2018, the highest priorities for the next 3 months are:

  • Complete the first draft of the Documentation
  • Get other people involved to review the Documentation and provide feedback
  • Incorporate feedback into the Documentation
  • Finalize the Documentation Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project

Subsequent Releases will add

  • Go from Draft to a solid basis
  • Being Promoted from an Incubator Project to a Lab Project

Getting Involved

For all communication, releases and more please use github

Project Resources

Dirk Wetter: Slides of Presentation at OWASP AppSec Europe 2018

Jack Mannino and Abdullah Munawar: Slides of Presentation at OWASP AppSec Europe 2018

Project Leader

Dirk Wetter

Related Projects
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Docker_Top_10&oldid=243067"