OWASP Cloud-Native Application Security Top 10




Introduction
Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, cloud functions (serverless), service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. The cloud-native model is a fundamentally new and exciting approach to designing and building software. However, it also raises a completely new set of security challenges. For example, when you move to a microservice model, end-to-end visibility, monitoring and detection become more complex and difficult to execute.

Note: This project is a continuation of a previous project, "The Serverless Security Top 10 Most Common Weaknesses Guide", which was released on January 17th 2018 by PureSec in collaboration with industry thought leaders from IBM, iRobot, Denim Group, Cisco, Nordstrom, Asurion, Capital One, Microsoft, Check Point, A Cloud Guru and Cloud Academy.

Purpose
The primary goal of this document is to provide assistance and education for organizations looking to adopt cloud-native applications. The guide describes the most prominent security risks for cloud-native applications, the challenges involved, and how to overcome them.

Licensing
The OWASP Cloud-Native Top 10 is free for use. It is licensed under the Creative Commons Attribution-ShareAlike 4.0 license (CC BY-SA 4.0).

Roadmap

 * 29-SEP-2018: Initial draft
 * 8-NOV-2018: Alpha release / Official public call
 * 27-DEC-2019: End of public call / Processing data collected
 * 18-FEB-2019: Release candidate for review
 * 27-MAR-2019: Official release

Project Sponsors
The project is sponsored by:



Getting Involved
You do not have to be a security expert or a programmer to contribute. Contact the Project Leader(s) to get involved; we welcome any type of suggestions and comments. Possible ways to contribute:
 * We are actively looking for organizations and individuals that will provide vulnerability prevalence data.
 * Translation efforts (later stages)
 * Individuals and organizations that contribute to the project will be listed on the acknowledgments page.



Project Resources
TBD

Project Leader
Ory Segal (ory.segal@owasp.org)

Project Mailing List
Mailing List

GitHub Repo
GitHub

Related Projects

 * OWASP Top Ten Project

Classifications
