This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Serverless Top 10 Project"

From OWASP

Jump to: navigation, search

Revision as of 15:24, 19 November 2018

Main
Acknowledgments
Project Resources
Roadmap
Get involved
About

OWASP Serverless Top 10 - First Released

The OWASP Top 10: Serverless Interpretation is now available.

Introduction

When adopting serverless technology, we eliminate the need to develop a server to manage our application. By doing so, we also pass some of the security threats to the infrastructure provider such as AWS, Azure and Google Cloud. In addition to the many advantages of serverless application development, such as cost and scalability, some security aspects are also handed to our service provider. Serverless services run code without provisioning or managing servers and the code is executed only when needed.

However, even if these applications are running without a managed server, they still execute code. If this code is written in an insecure manner, it can still be vulnerable to application-level attacks.

The first report will examine the differences in attack vectors, security weaknesses, and the business impact of application attacks on in the serverless world, and, most importantly, the report will suggest ways to to prevent them. As we will be able to see in the report, attack and defense techniques are different from what we used to in the traditional application world.

After that, an open-call will be established to collect data in the wild and establishing the official Serverless Top 10 Report.

Purpose

OWASP Serverless Top 10 aims at educating practitioners and organizations about the consequences of the most common serverless application security vulnerabilities, as well as providing basic techniques to identify and protect against them.

Licensing

The OWASP Serverless Top 10 is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 4.0 license (CC BY-SA 4.0).

Project Sponsors

The OWASP Serverless Top 10 project is sponsored by

and

Quick Downloads

OWASP Top 10: Serverless Interpretation

Presentation

Soon!

News & Events

[1 Sep 2018]: Hello World!
[18 Sep 2018]: Join our Slack-channel #project-sls-top-10.
[22 Sep 2018]: Follow our Git Repo.
[25 Oct 2018]: First Release!
[2 Nov 2018]: Official Announcement

Project Leader

Tal Melamed

Coming soon!

Related Projects

OWASP Top 10 Project

Classifications

Report Reviewers

Assaf Hefetz, Snyk

Erez Metula, AppSec Labs

Erez Yalon, Checkmarx

Frank M. Catucci, OWASP

Guy Bernhart-Magen, Intel

Hemed Gur Ary, OWASP

Jeff Williams, Contrast Security

Jim DelGrosso, Synopsys

Jochanan Sommerfeld, RDuck

Kobi Lechner, INFINIDAT

Limor Sylvie Kessem, IBM

Marcin Hoppe, Auth0

Mark Johnston, Google

Martin Knobloch, OWASP

Matthew Henderson, Microsoft

Matteo Meucci, Minded Security

Owen Pendlebury, OWASP

Paco Hope, AWS

Patrick Laverty, Rapid7

Rupack Ganguly, Serverless Inc.

Tanya Janca, Microsoft

Tash Norris, Capital One

Tom Brennan, IOActive

Yan Cui, DAZN

Youssef Elmalty, AWS

OWASP Serverless Top 10 - First Released

The OWASP Top 10: Serverless Interpretation is now available.

GitHub repository

30-SEP-2018: First draft is sent to reviewers
25-OCT-2018: Initial report released
01-APR-2019: Call for data opened
31-JUL-2019: Processing data collected
01-SEP-2019: Release Candidate is sent for review
01-OCT-2019: Official release

We will need help along the way. Please contact Project Leaders to get involved.

Get involved in OWASP Serverless Top 10!

You do not have to be a security expert or a programmer to contribute. Contact the Project Leader(s) to get involved, we welcome any type of suggestions and comments.

Possible ways to get contribute:

We are actively looking for organizations and individuals that will provide vulnerability prevalence data.
Translation efforts (later stages)
Assisting in the development of related tools (e.g. DVSA)

Individuals and organizations that will contribute to the project will listed on the acknowledgments page.

Also, join our Slack Channel #project-sls-top-10

GitHub project page

PROJECT INFO
What does this OWASP project offer you?

RELEASE(S) INFO
What releases are available for this project?

what	is this project?
Name: OWASP Serverless Top 10
Purpose: OWASP Serverless Top 10 aims at educating practitioners and organizations about the consequences of the most common serverless application security vulnerabilities, as well as providing basic techniques to identify and protect against them.
License: CC BY-SA 4.0
who	is working on this project?
Project Leader(s): Tal Melamed @
how	can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
Contact Tal Melamed @ to contribute to this project Contact Tal Melamed @ to review or sponsor this project

current release
Not Yet Published
last reviewed release
Not Yet Reviewed

other releases

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Serverless_Top_10_Project&oldid=245252"

Categories:

@@ Line 87: / Line 87: @@
 = Acknowledgments =
-=== Report Reviewers ===
+{| role="presentation" class="mw-collapsible"
-<small>Assaf Hefetz, Snyk
+|-
+| '''<big>Report Reviewers   </big>'''
-Erez Metula, AppSec Labs
+|-
+|Assaf Hefetz, Snyk
-Erez Yalon, Checkmarx
+|-
+|Erez Metula, AppSec Labs
-Frank M. Catucci, OWASP
+|-
+|Erez Yalon, Checkmarx
-Guy Bernhart-Magen, Intel
+|-
+|Frank M. Catucci, OWASP
-Hemed Gur Ary, OWASP
+|-
+|Guy Bernhart-Magen, Intel
-Jeff Williams, Contrast Security
+|-
+|Hemed Gur Ary, OWASP
-Jim DelGrosso, Synopsys
+|-
+|Jeff Williams, Contrast Security
-Jochanan Sommerfeld, RDuck
+|-
+|Jim DelGrosso, Synopsys
-Kobi Lechner, INFINIDAT
+|-
+|Jochanan Sommerfeld, RDuck
-Limor Sylvie Kessem, IBM
+|-
+|Kobi Lechner, INFINIDAT
-Marcin Hoppe, Auth0
+|-
+|Limor Sylvie Kessem, IBM
-Mark Johnston, Google
+|-
+|Marcin Hoppe, Auth0
-Martin Knobloch, OWASP
+|-
+|Mark Johnston, Google
-Matthew Henderson, Microsoft
+|-
+|Martin Knobloch, OWASP
-Matteo Meucci, Minded Security
+|-
+|Matthew Henderson, Microsoft
-Owen Pendlebury, OWASP
+|-
+|Matteo Meucci, Minded Security
-Paco Hope, AWS
+|-
+|Owen Pendlebury, OWASP
-Patrick Laverty, Rapid7
+|-
+|Paco Hope, AWS
-Rupack Ganguly, Serverless Inc.
+|-
+|Patrick Laverty, Rapid7
-Tanya Janca, Microsoft
+|-
+|Rupack Ganguly, Serverless Inc.
-Tash Norris, Capital One
+|-
+|Tanya Janca, Microsoft
-Tom Brennan, IOActive
+|-
+|Tash Norris, Capital One
-Yan Cui, DAZN
+|-
+|Tom Brennan, IOActive
-Youssef Elmalty, AWS</small>
+|-
+|Yan Cui, DAZN
+|-
+|Youssef Elmalty, AWS
+|}
 = Project Resources =

Difference between revisions of "OWASP Serverless Top 10 Project"

Revision as of 15:24, 19 November 2018

OWASP Serverless Top 10 - First Released

Introduction

Purpose

Licensing

Project Sponsors

Quick Downloads

Presentation

News & Events

Project Leader

Related Projects

Classifications

OWASP Serverless Top 10 - First Released

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools