Thank you for visiting OWASP.org. We recently migrated our community to a new web platform and regretably the content for this page needed to be programmatically ported from its previous wiki page. There’s still some work to be done. The historical content can be found here.
Please visit our Page Migration Guide for more information about updating pages for the new website as well as examples of github markdown.
Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, cloud functions (serverless), service meshes, micro-services, immutable infrastructure, and declarative APIs exemplify this approach. Cloud-Native Applications is a fundamentally new and exciting approach to designing and building software. However, it also raises a completely new set of security challenges. For example, when you move to a microservice model, end-to-end visibility, monitoring and detection become more complex and difficult to execute.
Note: This project is a continuation of a previous project - "The Serverless Security Top 10 Most Common Weaknesses Guide", which was released on January 17th 2018 by PureSec, with collaboration of industry thought leaders from: IBM, iRobot, Denim Group, Cisco, Nordstrom, Asurion, Capital One, Microsoft, Check Point, A Cloud Guru and Cloud Academy.
The primary goal of this document is to provide assistance and education for organizations looking to adopt Cloud-Native Applications. The guide provides information about what are the most prominent security risks for Cloud-Native applications, the challenges involved, and how to overcome them.
The OWASP® Foundation works to improve the security of software through its community-led open source software projects,
hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences.
Cloud Native Application Security Top 10 Information