[Owasp-leaders] Advice for security in the cloud

Fabio Cerullo fcerullo at owasp.org
Thu Dec 7 08:28:39 UTC 2017


Tanya,

I agree with Aaron.

I would suggest you checking out the Cloud Security Alliance Consensus
Assessment Initiative Questionnaire:
https://cloudsecurityalliance.org/download/consensus-assessments-initiative-questionnaire-v3-0-1/

It is an assessment questionnaire that you could send to a cloud service
provider and ask for their input.

Fabio

On 7 December 2017 at 03:12:38, Aaron Guzman (aaron.guzman at owasp.org) wrote:

> I am not sure if OWASP does but this might be what you’re looking for -
> https://cloudsecurityalliance.org/download/consensus-assessments-initiative-questionnaire-v3-0-1/
>
> Here is what providers responses should look like:
> AWS -
> https://d1.awsstatic.com/whitepapers/compliance/CSA_Consensus_Assessments_Initiative_Questionnaire.pdf
> Google -
> https://cloud.google.com/files/Google-Cloud-CSA-CAIQ-January2017-CSA-CAIQ-v3.0.1.pdf
> --
> Aaron Guzman
> OWASP Los Angeles Board Member
> Cloud Security Alliance LA/SoCal Board Member
> aaron.guzman at owasp.org
> Twitter: @scriptingxss
> Linkedin: http://lnkd.in/bds3MgN
>
>
> On Dec 6, 2017, at 5:59 PM, Tanya Janca <tanya.janca at owasp.org> wrote:
>
> Hello all,
>
> *Imagine* I wanted to write security requirements for a cloud provider, do
> we have any advice on that?  I checked out the OWASP Secure Software
> Contract Annex
> <https://www.owasp.org/index.php/OWASP_Secure_Software_Contract_Annex>(which
> is AWESOME, but the way), but there’s nothing on cloud there.  Anyone want
> to throw me some advice?  :)
>
> Tanya
>
>
> Tanya Janca
> @SheHacksPurple
> OWASP Ottawa Chapter Leader: https://www.meetup.com/OWASP-Ottawa/
> OWASP DevSlop Project Leader:
> https://www.owasp.org/index.php/OWASP_DevSlop_Project
> https://www.slideshare.net/TanyaJanca
>
> <PastedGraphic-1.tiff>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
> ------------------------------
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20171207/4be80877/attachment.html>


More information about the OWASP-Leaders mailing list