OWASP and CSA_TISA Pro-Talk_4-2554


Transcript

  • 1. No. 4/2554, organized by the Thailand Information Security Association (TISA) © 2011 TISA All Rights Reserved
  • 2. Agenda
  • 3. TISA MC
  • 6. What is OWASP?
  • 7. OWASP Local Chapter around the world
  • 8. OWASP Thailand Chapter: https://www.owasp.org/index.php/Thailand
  • 9. How to Participate: https://www.owasp.org/index.php/Thailand
  • 10. OWASP Thailand Chapter Facebook Fan page
  • 11. OWASP Top 10 Risks: https://www.owasp.org/index.php/Top_10_2010
  • 14. Web Application Risks
    [Diagram labels: Outer DMZ Zone; Inner Server Farm Zone]
  • 15. Your “Code” is Part of Your Security Perimeter
    Your security “perimeter” has huge holes at the “Application layer”.
    [Diagram: an application attack reaching the application layer]
    - Application Layer: Custom Developed Application Code, connected to Legacy Systems, Human Resource, Web Services, Directories, Databases, Billing
    - Network Layer: App Server, Web Server, Hardened OS, Inner Firewall, Outer Firewall
    You can’t use network layer protection (Firewall, SSL, IDS, hardening) to stop or detect application layer attacks.
  • 18. OWASP Thailand Mailing-list: https://lists.owasp.org/mailman/listinfo/owasp-thailand
  • 19. Cloud Security Alliance (CSA) Thailand Chapter
    Thanasin Jitkaew (TISA Volunteer)
    SSCP, (IRCA:ISMS), C|EH, CCNA, Network+
    PTT ICT Solutions Co.,Ltd.
  • 20. What is Cloud Security Alliance (CSA)?
    - Established in December 2008
    - Not-for-profit organization (member-driven)
    - With a mission to
      o Promote the use of best practices for providing security assurance within Cloud Computing.
      o Provide education on the uses of Cloud Computing to help secure all other forms of computing.
    Source: https://cloudsecurityalliance.org/about/
  • 21. Who are members of the CSA?
    Membership
    - Individuals
    - Chapters
    - Affiliates
    - Corporations
    Source: https://cloudsecurityalliance.org/membership/
  • 22. What does the CSA offer?
    Research
    - Security Guidance for Critical Areas of Focus in Cloud Computing (>100k downloads)
    Source: https://cloudsecurityalliance.org/research/
  • 23. What does the CSA offer?
    Research
    - Cloud Control Matrix (CCM)
      o Controls derived from guidance
      o Mapped to familiar frameworks: ISO27001, COBIT, PCI, HIPAA, FISMA, FedRAMP
      o Customers vs. Provider role
      o Help bridge the “cloud gap” for IT & IT auditors
    Source: https://cloudsecurityalliance.org/research/
  • 24. What does the CSA offer?
    Research
    - Security Guidance for Critical Areas of Focus in Cloud Computing
    Source: https://cloudsecurityalliance.org/research/
  • 25. What does the CSA offer?
    Research
    - Security Guidance for Critical Areas of Focus in Cloud Computing
    - Cloud Control Matrix (CCM)
    - Top threats to Cloud Computing
    - Consensus Assessment Initiative
    - Trusted Cloud Initiative
    - Cloud Security Alliance GRC Stack
    - …
    https://cloudsecurityalliance.org/research/
  • 26. CSA Regional Chapters
    Regional chapters are essential to the mission of CSA Global to promote the secure adoption of cloud computing.
    [Figure labels: 17 chapters; 36 chapters]
  • 27. CSA Regional Chapters
    Nearby?
    - Official: GuangZhou Chapter, Singapore Chapter
    - In Development: Hong Kong Chapter, Taipei Chapter, Indonesia Chapter
    Thailand?
  • 28. CSA & OWASP Thailand Chapter Meeting (1/2011)
  • 30. Becoming a chapter
    Getting Started
    Apply for your CSA chapter as follows:
    1. Define your chapter’s geographical boundary.
    2. Sign up a minimum of 20 members based within the geography. Provide member’s name, email address and LinkedIn URL. If a LinkedIn URL is not available, contact CSA Global for an alternative.
    3. Select a board of directors from within the initial members based upon a consensus process developed by the members.
    4. Select a chapter name with the format Cloud Security Alliance, XXXX Chapter.
    5. Send the above application to chapter-startup@cloudsecurityalliance.org
    Source: https://cloudsecurityalliance.org/CSA-Chapter-Launch-Guide.pdf
  • 31. TISA Facebook Fan page
    Come and be our fan!
    How to access or find the TISA Fan page: https://www.facebook.com/pages/TISA/161554843888938 or
  • 32. www.TISA.or.th
    Copyright © 2011 TISA and its respective author (Thailand Information Security Association)
    Please contact: info@tisa.or.th