[Owasp-leaders] Advice for security in the cloud

Aaron Guzman aaron.guzman at owasp.org
Thu Dec 7 03:12:38 UTC 2017


I am not sure if OWASP does but this might be what you’re looking for - https://cloudsecurityalliance.org/download/consensus-assessments-initiative-questionnaire-v3-0-1/ <https://cloudsecurityalliance.org/download/consensus-assessments-initiative-questionnaire-v3-0-1/>

Here is what providers responses should look like:
AWS - https://d1.awsstatic.com/whitepapers/compliance/CSA_Consensus_Assessments_Initiative_Questionnaire.pdf <https://d1.awsstatic.com/whitepapers/compliance/CSA_Consensus_Assessments_Initiative_Questionnaire.pdf>
Google - https://cloud.google.com/files/Google-Cloud-CSA-CAIQ-January2017-CSA-CAIQ-v3.0.1.pdf <https://cloud.google.com/files/Google-Cloud-CSA-CAIQ-January2017-CSA-CAIQ-v3.0.1.pdf>
--
Aaron Guzman
OWASP Los Angeles Board Member
Cloud Security Alliance LA/SoCal Board Member
aaron.guzman at owasp.org
Twitter: @scriptingxss
Linkedin: http://lnkd.in/bds3MgN


> On Dec 6, 2017, at 5:59 PM, Tanya Janca <tanya.janca at owasp.org> wrote:
> 
> Hello all,
> 
> *Imagine* I wanted to write security requirements for a cloud provider, do we have any advice on that?  I checked out theOWASP Secure Software Contract Annex  <https://www.owasp.org/index.php/OWASP_Secure_Software_Contract_Annex>(which is AWESOME, but the way), but there’s nothing on cloud there.  Anyone want to throw me some advice?  :)
> 
> Tanya
> 
> 
> Tanya Janca
> @SheHacksPurple
> OWASP Ottawa Chapter Leader: https://www.meetup.com/OWASP-Ottawa/ <https://www.meetup.com/OWASP-Ottawa/>
> OWASP DevSlop Project Leader: https://www.owasp.org/index.php/OWASP_DevSlop_Project <https://www.owasp.org/index.php/OWASP_DevSlop_Project>
> https://www.slideshare.net/TanyaJanca <https://www.slideshare.net/TanyaJanca>
> <PastedGraphic-1.tiff>
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20171206/8d39ccb7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20171206/8d39ccb7/attachment.pgp>


More information about the OWASP-Leaders mailing list