Cloud-10 Guidelines

From OWASP
Revision as of 12:00, 7 December 2011 by Vinaykbansal (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Contents

Guideline Document

1. Development / Environment Setting

a) Developer Access

  1. Jump Server
    1. Multi factor Autch
    2. VPN/Cert based Authc

2. Architecture

  1. Tiering
  2. Communicaiton
    1. between zones
    2. within tiers
    3. ACLs
  3. AuthC/Identity
  4. Encryption
  5. Integration
    1. Web Services
    2. VPN based
  6. WAF

3. Deployment and Testing

  1. Hardening

4. Operations

  1. Patching

Use Cases

  1. Deploying Third Party
  2. Building Your Own Application


Target Providers

  1. Savvis - Shankar
  2. Amazon EC2 - Vinay
  3. Google Apps - Pankaj


Timelines

1. Initial Draft from Shankar - Nov 29nd

2. Initial Draft from Vinay - Dec 9th