© 2011 TISA All Rights Reserved

คร ัง้ที ่4 /2554

จดัโดย

Thailand Information Security Association (TISA)

สมาคมความมั่นคงปลอดภยัระบบสารสนเทศแห่งประเทศไทย

© 2011 TISA All Rights Reserved

Agenda

© 2011 TISA All Rights Reserved

TISA MC

© 2011 TISA All Rights Reserved

© 2011 TISA All Rights Reserved

© 2011 TISA All Rights Reserved

What is OWASP?

© 2011 TISA All Rights Reserved

OWASP Local Chapter around the world

© 2011 TISA All Rights Reserved

https://www.owasp.org/index.php/Thailand

OWASP Thailand Chapter

© 2011 TISA All Rights Reserved

https://www.owasp.org/index.php/Thailand

How to Participate

© 2011 TISA All Rights Reserved

OWASP Thailand Chapter Facebook Fan page

© 2011 TISA All Rights Reserved

OWASP Top 10 Risks

https://www.owasp.org/index.php/Top_10_2010

© 2011 TISA All Rights Reserved 12

© 2011 TISA All Rights Reserved

© 2011 TISA All Rights Reserved

Web Application Risks

Outer

Inner

DMZ Zone

Server farm Zone

© 2011 TISA All Rights Reserved O

ute

r Fire

wall

Hardened OS

Web Server

App Server

Inn

er F

irew

all

Da

tab

as

es

Le

ga

cy S

ys

tem

s

We

b S

erv

ice

s

Dir

ec

tori

es

Hu

ma

n R

es

ou

rce

Bil

lin

g

Custom Developed

Application Code

APPLICATION ATTACK

You can’t use network layer protection (Firewall, SSL, IDS, hardening) to stop or detect application layer attacks

Netw

ork

Layer

Ap

pli

ca

tio

n L

aye

r Your security “perimeter” has huge

holes at the “Application layer”

Your “Code” is Part of Your Security Perimeter

© 2011 TISA All Rights Reserved

© 2011 TISA All Rights Reserved

© 2011 TISA All Rights Reserved

https://lists.owasp.org/mailman/listinfo/owasp-thailand

OWASP Thailand Mailing-list

© 2011 TISA All Rights Reserved

Cloud Security Alliance (CSA)

Thailand Chapter

Thanasin Jitkaew (TISA Volunteer) SSCP, (IRCA:ISMS), C|EH, CCNA, Network+

PTT ICT Solutions Co.,Ltd.

© 2011 TISA All Rights Reserved

What is Cloud Security Alliance (CSA)?

- Established in December 2008

- Not-for-profit organization (member-driven)

- With a mission to

o Promote the use of best practices for providing security assurance within Cloud Computing.

o Provide education on the uses of Cloud Computing to help secure all other forms of computing.

Source: https://cloudsecurityalliance.org/about/

© 2011 TISA All Rights Reserved

Membership

- Individuals

- Chapters

- Affiliates

- Corporations

Source: https://cloudsecurityalliance.org/membership/

Who are members of the CSA?

© 2011 TISA All Rights Reserved

Research

- Security Guidance for Critical Areas of Focus in Cloud Computing ( >100k downloads)

Source: https://cloudsecurityalliance.org/research/

What does the CSA offer?

© 2011 TISA All Rights Reserved

Research

- Cloud Control Matrix (CCM) o Controls derived from guidance

o Mapped to familiar frameworks:

ISO27001, COBIT, PCI , HIPAA, FISMA, FedRAMP

o Customers vs. Provider role

o Help bridge the “cloud gap” for IT & IT auditors

Source: https://cloudsecurityalliance.org/research/

https://cloudsecurityalliance.org/research/

What does the CSA offer?

© 2011 TISA All Rights Reserved

Research

- Security Guidance for Critical Areas of Focus in Cloud Computing

Source: https://cloudsecurityalliance.org/research/

What does the CSA offer?

© 2011 TISA All Rights Reserved

Research

- Security Guidance for Critical Areas of Focus in Cloud Computing

- Cloud Control Matrix (CCM)

- Top threats to Cloud Computing

- Consensus Assessment Initiative

- Trusted Cloud Initiative

- Cloud Security Alliance GRC Strack

- …

https://cloudsecurityalliance.org/research/

What does the CSA offer?

© 2011 TISA All Rights Reserved

Regional chapters are essential to the mission of CSA Global to promote the secure adoption of cloud computing.

CSA Regional Chapters

17 chapters 36 chapters

© 2011 TISA All Rights Reserved

Near by?

- Official GuangZhou Chapter, Singapore Chapter

- In Development Hong Kong Chapter, Taipei Chapter, Indonesia Chapter

CSA Regional Chapters

Thailand?

© 2011 TISA All Rights Reserved

CSA & OWASP Thailand Chapter Meeting (1/2011)

© 2011 TISA All Rights Reserved

© 2011 TISA All Rights Reserved

Getting Started

Apply for your CSA chapter as follows:

1. Define your chapter’s geographical boundary.

2. Sign up a minimum of 20 members based within the geography. Provide member’s name, email address and LinkedIn URL. If a LinkedIn URL is not available, contact CSA Global for an alternative.

3. Select a board of directors from within the initial members based upon a consensus process developed by the members.

4. Select a chapter name with the format Cloud Security Alliance, XXXX Chapter.

5. Send the above application to chapter-startup@cloudsecurityalliance.org

Source: https://cloudsecurityalliance.org/CSA-Chapter-Launch-Guide.pdf

Becoming a chapter

© 2011 TISA All Rights Reserved

https://www.facebook.com/pages/TISA/161554843888938 หรือ

TISA Facebook Fan page

มาเป็นแฟนกนันะ

วธีิการเข้าหรือค้นหา TISA Fan page :

© 2011 TISA All Rights Reserved

Copyright © 2011 TISA and its respective author (Thailand Information Security Association)

Please contact : info@tisa.or.th

www.TISA.or.th