Tuesday, April 2, 2019

OWASP Serverless Top 10 aims at educating practitioners and organizations about the consequences of the most common serverless application security vulnerabilities, as well as providing basic techniques to identify and protect against them.

We are excited to announce the first OWASP Serverless Top 10 call for data. We will use it to better understand the security landscape of real-world serverless applications and to make the OWASP Serverless Top 10 report an go-to resource for developers.

How to contribute?

We are looking for data that represent the current state of security in serverless applications. To that end, today we are opening a survey to collect data about vulnerabilities found in serverless applications.

We want to be as data-driven as possible but the questionnaire includes qualitative questions that will allow you to report vulnerabilities and issues that were not previously identified.

The questionnaire can be accessed here: https://forms.gle/QdFJhPRdC2NFSxARA.

We will use this data to improve the original report to make it more representative of vulnerabilities observed in the field.

Roadmap

The most important milestones of this project are:

  • April 1, 2019: call for data opened
  • July 31, 2019: call for data end and data processing starts
  • September 1, 2019: report Release Candidate is sent for review
  • October 1, 2019: the final report is officially published

Those are ambitious goals and we cannot do it without you!

Get involved

We collaborate on this project on GitHub (https://github.com/OWASP/Serverless-Top-10-Project) and in the #project-sls-top-10 channel on the OWASP Slack (use this link to join). Your input and comments are very valuable to us and we encourage all interested to join the discussion!

Feel free to reach directly to one of the project leaders to get involved: Tal Melamed (tal.melamed@owasp.org) and Marcin Hoppe (marcin.hoppe@owasp.org).

Also, if you’re planning to come to #OWASP #GlobalAppSec @OWASP_IL, don’t miss out the Serverless Top 10 talk!

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home