[GPC] [Owasp-cloud-10] OWASP Cloud Top10 Project

Paulo Coimbra paulo.coimbra at owasp.org
Tue Apr 12 10:48:47 EDT 2011


Hello Vinay et al,

 

I have checked your wiki username and everything seemed fine. Have you lost
your password? If not, could you please send over enough details so that I
can understand what the problem is? 

 

https://www.owasp.org/index.php/User:Vinaykbansal 

 

On another note, I have made a couple of changes on the project's wiki page.
For your information, I've hidden both tabs: the former 'Project About'
(which has been replaced by its last generation) and the 'Contributors' tab
which had been made redundant by these changes. I also have created a new
page to receive the 'Initial Pre-Alpha List of OWASP Cloud Top 10 Security
Risks' and thereafter replaced the entire content on the project's main page
by a template form of the new page. In my opinion it makes the main page a
bit cleaner and it has also allowed me to install a Project Release template
that uses the previously referred link.

 

https://www.owasp.org/index.php/Projects/OWASP_Cloud_%E2%80%90_10_Project 

 

https://www.owasp.org/index.php/OWASP_Cloud_%E2%80%90_10/Initial_Pre-Alpha_List_of_OWASP_Cloud_Top_10_Security_Risks

 

https://www.owasp.org/index.php/Projects/OWASP_Cloud_%E2%80%90_10_Project/Releases/Initial_Pre-Alpha_List_of_OWASP_Cloud_Top_10_Security_Risks

 

https://www.owasp.org/index.php/Category:GPC_Templates 

 

Please let me know whether you approve the introduced changes. If not, I
will reverse the process.

 

Thanks,

- Paulo

 

 

Paulo Coimbra,

 <http://www.owasp.org/index.php/User:Paulo_Coimbra> OWASP Project Manager

 

From: Vinay Bansal [mailto:vinaykbansal at gmail.com] 
Sent: Monday, 11 April 2011 18:34
To: Ludovic Petit
Cc: owasp-cloud-10-project; owasp-cloud-10 at lists.owasp.org;
paulo.coimbra at owasp.org
Subject: Re: [Owasp-cloud-10] OWASP Cloud Top10 Project

 

Hi Ludovic,

 

Thanks for your contribution. Sorry I was out last week and could not
respond to you earlier.

Overall I feel that progress on this project has been slower in the last few
months, and with people like you joining we may be able to get the momentum
back.

 

1. For the additional comments and risks you have highlighted, feel free to
update the Wiki with the additional details. We have a drill-down for each of
the risks.

 E.g. 

a) for the point you raised around Service Continuity and QoS - that may
align well with the R4- Business Continuity and Resiliency Risk -
https://www.owasp.org/index.php/Cloud-10_Business_Continuity_and_Resiliency

b) Data Backups etc. -
https://www.owasp.org/index.php/Cloud-10_Accountability_and_Data_Ownership

 

 

2. Updating
http://www.owasp.org/index.php/Category:OWASP_Cloud_%E2%80%90_10_Project#tab=Project_Details

I tried and I am also unable to edit this page. Not sure if something
changed when OWASP migrated to the new Wiki format.

 

 

3. Presentation: And I looked through your deck which looks good. I can
provide you with some additional comments as we go along? When is the
presentation due?

 

 

-Vinay

 

 

On Wed, Apr 6, 2011 at 10:23 AM, Ludovic Petit <ludovic.petit at owasp.org>
wrote:

Hi Vinay and All
 
Here's a first contribution to the OWASP Cloud - 10 Project.
 
Well, here are, in my view, some aspects to take into account from a global
overview, when dealing with/about Cloud Computing.

Service Continuity and QoS
- What contractual solutions are proposed by the Operator of Cloud?
  (this is typically here about the Service Level Agreement)

The guarantee of recovering Data
- Once the data is entrusted to a third operator, what are the
  guarantees that you will get your property information?
- What about the backups performed by the operator of Cloud?

Data Security
Here in France, we have the Data Privacy Act, which is strict.
However, Privacy is most of the time mandatory in a local Legal Framework,
as well as a concern for us all.
Which leads to the following questions:
- Personal data: will they be transferred outside the borders of the
  country involved, the European Union or any geographical area in which the
  country is located?
- What are the plans in the event of accidental or "unlawful" (yes,
  we have to bear this in mind, in my humble opinion) destruction of data?
- Same thing about Data Tampering and / or Information Leakage
- Do we have to contractualize the location of servers, i.e. the
  geographical hosting center?

Ensuring Traceability
- One must have tools dedicated to Traceability of Data Access, this
  to comply with the Legal Framework in case of Legal Inquiry

Legal
- What about Lawful Interception?

In fact, I consider that most of the Risks are related to "CIA", so in
other words How to Ensure of
- Confidentiality
- Integrity
- Availability
- and Traceability
 
Btw, Vinay, could you please also update the Project Details page at
http://www.owasp.org/index.php/Category:OWASP_Cloud_%E2%80%90_10_Project#tab=Project_Details
to indicate that I'm a contributor, because I can't
edit/update this page as I've done for the Contributors page.

 

Last but not least, could you please tell me/us when a .pdf draft of the
"OWASP Cloud Top10" (with OWASP template, not a Cisco one please) will be
available.

 

 
Cheers.

-- 

Ludovic
Chapter Leader, OWASP France

Mobile: +33 (0) 611 726 164
E-mail: ludovic.petit at owasp.org
LinkedIn: http://www.linkedin.com/in/lpetit
http://www.owasp.org/index.php/User:Ludovic_Petit


