owasp and csa_tisa pro-talk_4-2554
© 2011 TISA All Rights Reserved
Session 4/2554
Organized by
Thailand Information Security Association (TISA)
สมาคมความมั่นคงปลอดภัยระบบสารสนเทศแห่งประเทศไทย
Agenda
TISA MC
What is OWASP?
OWASP Local Chapter around the world
https://www.owasp.org/index.php/Thailand
OWASP Thailand Chapter
https://www.owasp.org/index.php/Thailand
How to Participate
OWASP Thailand Chapter Facebook Fan page
OWASP Top 10 Risks
https://www.owasp.org/index.php/Top_10_2010
Web Application Risks
[Diagram labels: Outer Firewall, DMZ Zone, Inner Firewall, Server farm Zone; Hardened OS, Web Server, App Server; Databases, Legacy Systems, Web Services, Directories, Human Resource, Billing; Custom Developed Application Code]
APPLICATION ATTACK
You can’t use network layer protection (Firewall, SSL, IDS, hardening) to stop or detect application layer attacks
[Diagram labels: Network Layer, Application Layer]
Your security “perimeter” has huge holes at the “Application layer”
Your “Code” is Part of Your Security Perimeter
https://lists.owasp.org/mailman/listinfo/owasp-thailand
OWASP Thailand Mailing-list
Cloud Security Alliance (CSA)
Thailand Chapter
Thanasin Jitkaew (TISA Volunteer) SSCP, (IRCA:ISMS), C|EH, CCNA, Network+
PTT ICT Solutions Co.,Ltd.
What is Cloud Security Alliance (CSA)?
- Established in December 2008
- Not-for-profit organization (member-driven)
- With a mission to
o Promote the use of best practices for providing security assurance within Cloud Computing.
o Provide education on the uses of Cloud Computing to help secure all other forms of computing.
Source: https://cloudsecurityalliance.org/about/
Membership
- Individuals
- Chapters
- Affiliates
- Corporations
Source: https://cloudsecurityalliance.org/membership/
Who are members of the CSA?
Research
- Security Guidance for Critical Areas of Focus in Cloud Computing ( >100k downloads)
Source: https://cloudsecurityalliance.org/research/
What does the CSA offer?
Research
- Cloud Control Matrix (CCM)
o Controls derived from guidance
o Mapped to familiar frameworks: ISO27001, COBIT, PCI, HIPAA, FISMA, FedRAMP
o Customers vs. Provider role
o Help bridge the “cloud gap” for IT & IT auditors
Source: https://cloudsecurityalliance.org/research/
What does the CSA offer?
Research
- Security Guidance for Critical Areas of Focus in Cloud Computing
Source: https://cloudsecurityalliance.org/research/
What does the CSA offer?
Research
- Security Guidance for Critical Areas of Focus in Cloud Computing
- Cloud Control Matrix (CCM)
- Top threats to Cloud Computing
- Consensus Assessment Initiative
- Trusted Cloud Initiative
- Cloud Security Alliance GRC Stack
- …
https://cloudsecurityalliance.org/research/
What does the CSA offer?
Regional chapters are essential to the mission of CSA Global to promote the secure adoption of cloud computing.
CSA Regional Chapters
17 chapters 36 chapters
Nearby?
- Official: GuangZhou Chapter, Singapore Chapter
- In Development: Hong Kong Chapter, Taipei Chapter, Indonesia Chapter
CSA Regional Chapters
Thailand?
CSA & OWASP Thailand Chapter Meeting (1/2011)
Getting Started
Apply for your CSA chapter as follows:
1. Define your chapter’s geographical boundary.
2. Sign up a minimum of 20 members based within the geography. Provide member’s name, email address and LinkedIn URL. If a LinkedIn URL is not available, contact CSA Global for an alternative.
3. Select a board of directors from within the initial members based upon a consensus process developed by the members.
4. Select a chapter name with the format Cloud Security Alliance, XXXX Chapter.
5. Send the above application to [email protected]
Source: https://cloudsecurityalliance.org/CSA-Chapter-Launch-Guide.pdf
Becoming a chapter
https://www.facebook.com/pages/TISA/161554843888938 or
TISA Facebook Fan page
Come and be a fan!
How to access or find the TISA Fan page:
Copyright © 2011 TISA and its respective author (Thailand Information Security Association)
Please contact : [email protected]
www.TISA.or.th