Paper: Domain 10: Guidance for Application Security V2.1

September 22 2010

Picking up from the latest Cloud Security Alliance papers, Domain 10: Guidance for Application Security V2.1 explores some of the challenges that organizations have encountered with application security for cloud computing. Domain 10 provides an upfront analysis covering the traditional aspects of managing information confidentiality, integrity and availability. This analysis is central to documenting the classification of data handled by the application and will influence many of the design decisions. The paper also covers existing applications that are migrated to the cloud, where the migration can serve as an opportunity to address outstanding fundamental problems that were overlooked or underrepresented during development.

Paper: Security Guidance for Critical Areas of Focus in Cloud Computing v2

December 19 2009

The Cloud Security Alliance's initial report, outlining areas of concern and guidance for organizations adopting cloud computing. The intention is to provide security practitioners with a comprehensive roadmap for being proactive in developing positive and secure relationships with cloud providers. Much of this guidance is also quite relevant to the cloud provider to improve the quality and security of their service offerings. As with any initial foray, there will certainly be guidance that we could improve upon. We will quite likely modify the number of domains and change the focus of some areas of concern. We seek your help to improve this guidance to make version 2.0 of this document an even better asset to the security practitioner and cloud provider. We will be kicking off numerous online activities and in-person regional events to share our findings and connect with experts to increase our knowledge base.

Paper: Defining a dWAF to Secure Cloud Applications

July 17 2009

Cloud computing was not designed for security, although organizations such as the Cloud Security Alliance (CSA) and the Open Web Application Security Project (OWASP) are making great strides in helping the industry solve the myriad security problems confronting cloud computing. The benchmark guidelines established by the CSA in its document, Guidance for Critical Areas of Focus in Cloud Computing, are a great first step. This paper is intended to pick up where the CSA guide left off by defining what a distributed web application firewall (dWAF) should look like in order to meet the standards set within the CSA document. It also includes recommendations and practical use cases.

Presentation: Best Practice Guide: Web Application Firewalls

December 19 2008

The CTO at Art of Defence, Alex Meisel, gives an introduction to Web Application Firewalls and their benefits, risks and operation at the OWASP Conference.