Friday, November 2, 2018

Serverless Top 10 added to the Project Inventory


Included among the recent projects added to the OWASP Projects inventory, is the Incubator project Serverless Top 10, headed by Tal Melamed.  Please read on to find out more about the project from Tal himself.




The Serverless Top 10 project has launched a report, designed to be a first look into the leading risks in serverless security and to serve as a baseline for the project. We would like to thank everyone who participated in the project and made it possible with special thanks to our project sponsor, Protego Labs.

Shedding Light on Serverless
The aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most common and most important web application security weaknesses. The Serverless Top 10 report examines the differences in attack vectors, security weaknesses, and business impact of successful attacks on applications in the serverless world, and, most importantly, how to prevent them. This report will evaluate the famous OWASP Top 10 project risk listing by “running” them through a serverless environment, shedding light on serverless by demonstrating them from both the attacker’s and the defender’s points of view.

Changing AppSec with Changing App Design
“The OWASP Top 10 2017 report focused on traditional application security. Since applications on ey serverless architectures are vastly different, security risks have changed,” said Tal Melamed, Serverless Top 10 project lead. “With serverless, hackers must try different vectors and approaches for attacks; developers cannot employ traditional perimeter protections and need to change their way of thinking, as almost none of the mitigations suggested for traditional systems would fit in the serverless world, which is why we’re working on the serverless Top 10 project.”

 The Serverless Top 10 will also be based on data collected from real industry input through an open call and it is scheduled for a first, official, release in Q2 2019.

Visit our official project page for more information about the roadmap and how to get involved.


Tal Melamed,
OWASP Serverless Top 10 Project Lead

No comments: