Category:OWASP Cloud ‐ 10 Project

From OWASP
Revision as of 06:40, 12 April 2011 by Paulo Coimbra (Talk | contribs)

Jump to: navigation, search

Main

Cloud Top 10 Security Risks

Goal

According to Gartner, by 2012, 20% of businesses will adopt cloud services and own no IT assets. Goal of the project is to maintain a list of top 10 security risks faced with the Cloud* Computing and SaaS Models. List will be maintained by input from community, security experts and security incidences at cloud/SaaS providers.

  • Most of the risks are based on the assumption that Cloud is a public or a hybrid cloud

Audience

Audience for the project will be organizations planning on leveraging external cloud environment to host their applications or rent application in a SaaS model (Software as a Service). Aim of the "OWASP Cloud-10" list is to help balance security risks with the cost advantage that the Cloud and SaaS model provides. We expect the Cloud and SaaS providers to be indirect audience for "OWASP Cloud-10", when they try to showcase their security controls to potential customers against this list.

Also refer the recent presentation - http://www.owasp.org/images/4/47/Cloud-Top10-Security-Risks.pdf

OWASP Cloud ‐ 10 Project/Initial pre-alpha list of OWASP Cloud Top 10 Security Risks

Roadmap (Status)

Managing OWASP Cloud-10 List (Pre-Alpha)

“OWASP Cloud-10” list will be maintained by input from, community, security experts and security incidences at cloud/SaaS providers.

Each of the identified risk in "OWASP Cloud-10" will provide details on:

  • Various Risk Scenarios
  • Real World Examples
  • Possible Mitigations and Security Controls
  • Reference to any related Incident


Risk Criteria:

  1. Easily Executable
  2. Most Damaging
  3. Incidence Frequency (Known)


Alpha Release

  1. Identify and publish a first draft of potential "OWASP Cloud-10" candidates (Dec 2009)
  2. Ask contributors to collect more data and details on each of the risk item. (till Jan 2010)
  3. Get initial community feedback by discussing it in various blogs, discussion forums etc. (Jan-Feb 2010)


Beta Release

  1. Writeup to be finished by April 5th (All)
  2. Provide feedback by April 19th
  3. Incorporate all the comments feedback by 26th April
  4. Publish the first (beta) list of "OWASP Cloud-10" (April 3rd 2010)
  5. Identify additional candidates
  6. ……. (repeat steps as in Alpha)



Taxonomy

Terms

Diagrams

Reference

Related Efforts

  1. Cloud Security Alliance - http://www.cloudsecurityalliance.org/
  2. IDC Aug 2008 Survey (Security #1) Challenge for Cloud/On-Demand Models - http://blogs.idc.com/ie/?p=210

Related OWASP Projects

  1. OWASP Top Ten Project
  2. OWASP Legal Project


Contributors

Project Leaders

Vinay Bansal
Dr. Shankar Babu Chebrolu
Pankaj Telang
Ken Huang
Ove Hansen

Contributors


Ludovic Petit


  1. Subscribe or read the Cloud-10 mail archives


Project Details

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Cloud ‐ 10 Project (home page)
Purpose: Goal of the project is to maintain a list of top 10 security risks faced with the Cloud Computing and SaaS Models. List will be maintained by input from community, security experts and security incidences at cloud/SaaS providers.
License: Creative Commons Attribution Share Alike 3.0
who is working on this project?
Project Leader(s):
Project Contributor(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Initial Pre-Alpha List of OWASP Cloud Top 10 Security Risks - Still under work - (download)
Release description: Aim of the "OWASP Cloud-10" list is to help balance security risks with the cost advantage that the Cloud and SaaS model provides. We expect the Cloud and SaaS providers to be indirect audience for "OWASP Cloud-10", when they try to showcase their security controls to potential customers against this list.
Rating: Yellow button.JPG Not Reviewed - Assessment Details
last reviewed release
Not Yet Reviewed


other releases



Subcategories

This category has the following 2 subcategories, out of 2 total.

C

O