OWASP and CSA_TISA Pro-Talk_4-2554


  1. No. 4/2554, organized by the Thailand Information Security Association (TISA) © 2011 TISA All Rights Reserved
  2. Agenda
  3. TISA MC
  6. What is OWASP?
  7. OWASP Local Chapter around the world
  8. OWASP Thailand Chapter: https://www.owasp.org/index.php/Thailand
  9. How to Participate: https://www.owasp.org/index.php/Thailand
  10. OWASP Thailand Chapter Facebook Fan page
  11. OWASP Top 10 Risks: https://www.owasp.org/index.php/Top_10_2010
  14. Web Application Risks (diagram: Outer DMZ Zone, Inner Server farm Zone)
  15. Your “Code” is Part of Your Security Perimeter
      Your security “perimeter” has huge holes at the “Application layer”.
      Diagram labels:
      - Application Layer (APPLICATION ATTACK): Custom Developed Application Code, Legacy Systems, Human Resource, Web Services, Directories, Databases, Billing
      - Network Layer: App Server, Web Server, Hardened OS, Inner Firewall, Outer Firewall
      You can’t use network layer protection (Firewall, SSL, IDS, hardening) to stop or detect application layer attacks.
  18. OWASP Thailand Mailing-list: https://lists.owasp.org/mailman/listinfo/owasp-thailand
  19. Cloud Security Alliance (CSA) Thailand Chapter. Thanasin Jitkaew (TISA Volunteer); SSCP, (IRCA:ISMS), C|EH, CCNA, Network+; PTT ICT Solutions Co., Ltd.
  20. What is Cloud Security Alliance (CSA)?
      - Established in December 2008
      - Not-for-profit organization (member-driven)
      - With a mission to
        o Promote the use of best practices for providing security assurance within Cloud Computing.
        o Provide education on the uses of Cloud Computing to help secure all other forms of computing.
      Source: https://cloudsecurityalliance.org/about/
  21. Who are members of the CSA?
      Membership
      - Individuals
      - Chapters
      - Affiliates
      - Corporations
      Source: https://cloudsecurityalliance.org/membership/
  22. What does the CSA offer?
      Research
      - Security Guidance for Critical Areas of Focus in Cloud Computing (>100k downloads)
      Source: https://cloudsecurityalliance.org/research/
  23. What does the CSA offer?
      Research
      - Cloud Control Matrix (CCM)
        o Controls derived from guidance
        o Mapped to familiar frameworks: ISO27001, COBIT, PCI, HIPAA, FISMA, FedRAMP
        o Customers vs. Provider role
        o Help bridge the “cloud gap” for IT & IT auditors
      Source: https://cloudsecurityalliance.org/research/
  24. What does the CSA offer?
      Research
      - Security Guidance for Critical Areas of Focus in Cloud Computing
      Source: https://cloudsecurityalliance.org/research/
  25. What does the CSA offer?
      Research
      - Security Guidance for Critical Areas of Focus in Cloud Computing
      - Cloud Control Matrix (CCM)
      - Top threats to Cloud Computing
      - Consensus Assessment Initiative
      - Trusted Cloud Initiative
      - Cloud Security Alliance GRC Stack
      - …
      https://cloudsecurityalliance.org/research/
  26. CSA Regional Chapters
      Regional chapters are essential to the mission of CSA Global to promote the secure adoption of cloud computing.
      17 chapters; 36 chapters
  27. CSA Regional Chapters
      Nearby?
      - Official: GuangZhou Chapter, Singapore Chapter
      - In Development: Hong Kong Chapter, Taipei Chapter, Indonesia Chapter
      Thailand?
  28. CSA & OWASP Thailand Chapter Meeting (1/2011)
  30. Becoming a chapter
      Getting Started
      Apply for your CSA chapter as follows:
      1. Define your chapter’s geographical boundary.
      2. Sign up a minimum of 20 members based within the geography. Provide member’s name, email address and LinkedIn URL. If a LinkedIn URL is not available, contact CSA Global for an alternative.
      3. Select a board of directors from within the initial members based upon a consensus process developed by the members.
      4. Select a chapter name with the format Cloud Security Alliance, XXXX Chapter.
      5. Send the above application to chapter-startup@cloudsecurityalliance.org
      Source: https://cloudsecurityalliance.org/CSA-Chapter-Launch-Guide.pdf
  31. TISA Facebook Fan page. Come be our fan! How to access or find the TISA Fan page: https://www.facebook.com/pages/TISA/161554843888938 or
  32. www.TISA.or.th. Copyright © 2011 TISA and its respective author (Thailand Information Security Association). Please contact: info@tisa.or.th
