OWASP Cloud Security
We believe that cyber security has a fundamental role to play in protecting the digital future. We also believe that cyber security isn't just about the technology; it's about the people. The customer, the developer, the designer, the security engineer, even the attacker. Not only is cyber security a never-ending process, it's also a conversation.
This project was created to enable that conversation, helping people secure their products and services running in the cloud by providing a set of easy to use threat and control stories that pool together the expertise and experience of the development, operations, and security communities.
You can find the main OWASP project page here: https://www.owasp.org/index.php/OWASP_Cloud_Security_Project
Using the project
This project provides the following for an ever-expanding list of cloud providers and services:
Proof-of-concept attack scripts and tools
Check out the tools directory in the provider/service directories.
This project was created to pool together the experience and expertise of people just like you, so that others can build better and more secure products and services in the cloud. Your contributions are essential!
Join the discussion
The simplest way to get involved is to reach out to other members of the community. If you would like to ask questions, discuss ideas or problems, or even just share your thoughts you can do so in a number of ways:
- @OWASP_CloudSec on Twitter
- #cloud-security on the OWASP Slack (sign up here)
- Email - mailing list coming soon!
If you would like to get in touch with the project leader directly, you can do so via email to firstname.lastname@example.org
Github issues and Pull Requests
This project uses Github issues as the primary way of tracking tasks, problems and ideas etc. If you're looking for a way to help out, but you're not sure where to start, take a look at the list of issues for something you could work on.
If you want to just get stuck straight in, you can create Github pull requests (PRs) with your changes. You don't need to create an issue first. Your PR will then be reviewed. If all is well, your PR will be merged into the repository. If there are questions, these will be done via the comments on the PR. For more information, see the Creating pull requests section.
What needs doing
This project is still in its infancy, so there's plenty of things to do. Also, as cloud security is an ever-expanding landscape, there will always be plenty of things to do ;)
- Discovering new threats
- Writing threat stories
- Identifying controls
- Writing control stories
- Community development
For more information on how to get involved, see the Getting involved Wiki page.
Using the OWASP Cloud Security project
This project can be used in many different ways, but typically it will involve using the threats in your SDLC, then using the control stories to ensure you mitigated against identified threats.
For more information, see the Using the project Wiki page.