OWASP Cloud-Native Application Security Top 10



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

Introduction
Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, cloud functions (serverless), service meshes, micro-services, immutable infrastructure, and declarative APIs exemplify this approach. Cloud-Native Applications is a fundamentally new and exciting approach to designing and building software. However, it also raises a completely new set of security challenges. For example, when you move to a microservice model, end-to-end visibility, monitoring and detection become more complex and difficult to execute.

Purpose
The primary goal of this document is to provide assistance and education for organizations looking to adopt Cloud-Native Applications. The guide provides information about what are the most prominent security risks for Cloud-Native applications, the challenges involved, and how to overcome them.

Licensing
The OWASP Cloud-Native Top 10 is free for use. It is licensed under the Creative Commons Attribution-ShareAlike 4.0 license (CC BY-SA 4.0).

Roadmap

 * 29-SEP-2018: Initial draft
 * 8-NOV-2018: Alpha release / Official public call
 * 27-DEC-2019: End of public call / Processing data collected
 * 18-FEB-2019: Release candidate for review
 * 27-MAR-2019: Official release

Project Sponsors
The project is sponsored by:



Getting Involved
You do not have to be a security expert or a programmer to contribute. Contact the Project Leader(s) to get involved, we welcome any type of suggestions and comments. Possible ways to get contribute:
 * We are actively looking for organizations and individuals that will provide vulnerability prevalence data.
 * Translation efforts (later stages)
 * Individuals and organizations that will contribute to the project will listed on the acknowledgments page.


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

Project Resources
TBD

Project Leader
Ory Segal ([mailto:ory.segal@owasp.org email])

Project Mailing List
Mailing List

Github Repo
Github

Related Projects

 * Category:OWASP Top Ten Project

Classifications

 * }