OWASP Cloud-Native Application Security Top 10
Overview
Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, cloud functions (serverless), service meshes, micro-services, immutable infrastructure, and declarative APIs exemplify this approach. Cloud-Native Applications is a fundamentally new and exciting approach to designing and building software. However, it also raises a completely new set of security challenges. For example, when you move to a microservice model, end-to-end visibility, monitoring and detection become more complex and difficult to execute.
The primary goal of this document is to provide assistance and education for organizations looking to adopt Cloud-Native Applications. The guide provides information about what are the most prominent security risks for Cloud-Native applications, the challenges involved, and how to overcome them.
Table of Contents
- Forward
- Introduction
- Release notes
- Overview of Cloud-Native Applications
- The shared model of security responsibility
- Application security challenges in Cloud-Native applications
- Overview of the Top 10
- Top 10 (TBD)
- What's next sections
- Methodology & data
- Acknowledgements