layout | title | tags | level | type | auto-migrated |
---|---|---|---|---|---|
col-sidebar | OWASP Cloud-Native Application Security Top 10 | example-tag | 0 | documentation | 1 |
Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, cloud functions (serverless), service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. Cloud-native application development is a fundamentally new and exciting approach to designing and building software. However, it also raises a completely new set of security challenges. For example, when you move to a microservice model, end-to-end visibility, monitoring and detection become more complex and difficult to execute.
Note: This project is a continuation of a previous project, "The Serverless Security Top 10 Most Common Weaknesses Guide", which was released on January 17th 2018 by PureSec, in collaboration with industry thought leaders from: IBM, iRobot, Denim Group, Cisco, Nordstrom, Asurion, Capital One, Microsoft, Check Point, A Cloud Guru and Cloud Academy.
The primary goal of this document is to provide assistance and education for organizations looking to adopt cloud-native applications. The guide describes the most prominent security risks for cloud-native applications, the challenges involved, and how to overcome them.
The OWASP Cloud-Native Top 10 is free for use. It is licensed under the Creative Commons Attribution-ShareAlike 4.0 license (CC BY-SA 4.0).
- 29-SEP-2018: Initial draft
- 8-NOV-2018: Alpha release / Official public call
- 27-DEC-2019: End of public call / Processing data collected
- 18-FEB-2019: Release candidate for review
- 27-MAR-2019: Official release
The project is sponsored by: PureSec

You do not have to be a security expert or a programmer to contribute. Contact the Project Leader(s) to get involved; we welcome any type of suggestions and comments. Possible ways to contribute:
- We are actively looking for organizations and individuals that will provide vulnerability prevalence data.
- Translation efforts (later stages)
- Individuals and organizations that contribute to the project will be listed on the acknowledgments page.

TBD
Ory Segal (email)