OWASP and CSA_TISA Pro-Talk_4-2554
- 1. Session No. 4/2554
Organized by
Thailand Information Security Association (TISA)
สมาคมความมั่นคงปลอดภัยระบบสารสนเทศแห่งประเทศไทย
© 2011 TISA All Rights Reserved
- 11. OWASP Top 10 Risks
https://www.owasp.org/index.php/Top_10_2010
- 15. Your “Code” is Part of Your Security Perimeter
Your security “perimeter” has huge holes at the “Application layer”
[Diagram: APPLICATION ATTACK against the layers below]
- Application Layer
o Custom Developed Application Code
o Databases, Legacy Systems, Web Services, Directories, Human Resource, Billing
- Network Layer
o App Server, Web Server, Hardened OS
o Inner Firewall, Outer Firewall
You can’t use network layer protection (Firewall, SSL, IDS, hardening) to stop or detect application layer attacks
- 19. Cloud Security Alliance (CSA)
Thailand Chapter
Thanasin Jitkaew (TISA Volunteer)
SSCP, (IRCA:ISMS), C|EH, CCNA, Network+
PTT ICT Solutions Co.,Ltd.
- 20. What is Cloud Security Alliance (CSA)?
- Established in December 2008
- Not-for-profit organization (member-driven)
- With a mission to
o Promote the use of best practices for providing security assurance within
Cloud Computing.
o Provide education on the uses of Cloud Computing to help secure all other
forms of computing.
Source: https://cloudsecurityalliance.org/about/
- 21. Who are members of the CSA?
Membership
- Individuals
- Chapters
- Affiliates
- Corporations
Source: https://cloudsecurityalliance.org/membership/
- 22. What does the CSA offer?
Research
- Security Guidance for Critical Areas of Focus in Cloud Computing (>100k downloads)
Source: https://cloudsecurityalliance.org/research/
- 23. What does the CSA offer?
Research
- Cloud Control Matrix (CCM)
o Controls derived from guidance
o Mapped to familiar frameworks: ISO27001, COBIT, PCI, HIPAA, FISMA, FedRAMP
o Customers vs. Provider role
o Help bridge the “cloud gap” for IT & IT auditors
Source: https://cloudsecurityalliance.org/research/
- 24. What does the CSA offer?
Research
- Security Guidance for Critical Areas of Focus in Cloud Computing
Source: https://cloudsecurityalliance.org/research/
- 25. What does the CSA offer?
Research
- Security Guidance for Critical Areas of Focus in Cloud Computing
- Cloud Control Matrix (CCM)
- Top threats to Cloud Computing
- Consensus Assessment Initiative
- Trusted Cloud Initiative
- Cloud Security Alliance GRC Stack
- …
https://cloudsecurityalliance.org/research/
- 26. CSA Regional Chapters
Regional chapters are essential to the mission of CSA Global to promote the secure
adoption of cloud computing.
17 chapters 36 chapters
- 27. CSA Regional Chapters
Nearby?
- Official: GuangZhou Chapter, Singapore Chapter
- In Development: Hong Kong Chapter, Taipei Chapter, Indonesia Chapter
Thailand?
- 28. CSA & OWASP Thailand Chapter Meeting (1/2011)
- 30. Becoming a chapter
Getting Started
Apply for your CSA chapter as follows:
1. Define your chapter’s geographical boundary.
2. Sign up a minimum of 20 members based within the geography. Provide member’s name, email
address and LinkedIn URL. If a LinkedIn URL is not available, contact CSA Global for an alternative.
3. Select a board of directors from within the initial members based upon a consensus process
developed by the members.
4. Select a chapter name with the format Cloud Security Alliance, XXXX Chapter.
5. Send the above application to chapter-startup@cloudsecurityalliance.org
Source: https://cloudsecurityalliance.org/CSA-Chapter-Launch-Guide.pdf
- 31. TISA Facebook Fan page
Come and be our fan!
How to reach or find the TISA Fan page:
https://www.facebook.com/pages/TISA/161554843888938 or
- 32. www.TISA.or.th
Copyright © 2011 TISA and its respective author
(Thailand Information Security Association)
Please contact: info@tisa.or.th