Cloud-10 Guidelines

From OWASP
Jump to: navigation, search


Contents

Guideline Document

1. Development / Environment Setting

a) Developer Access

  1. Jump Server
    1. Multi factor Autch
    2. VPN/Cert based Authc

2. Architecture

  1. Tiering
  2. Communicaiton
    1. between zones
    2. within tiers
    3. ACLs
  3. AuthC/Identity
  4. Encryption
  5. Integration
    1. Web Services
    2. VPN based
  6. WAF

3. Deployment and Testing

  1. Hardening

4. Operations

  1. Patching

Use Cases

  1. Deploying Third Party
  2. Building Your Own Application


Target Providers

  1. Savvis - Shankar
  2. Amazon EC2 - Vinay
  3. Google Apps - Pankaj


Timelines

1. Initial Draft from Shankar - Nov 29nd

2. Initial Draft from Vinay - Dec 9th