OWASP Non-Human Identities Top 10

The Non-Human Identity (NHI) Top 10 is a list of the most pressing security risks that non-human identities (machine credentials such as service accounts, API keys, and access tokens, as opposed to human user accounts) present to organizations. Non-human identities are widely used by developers to build and connect applications, and the project aims to help security professionals understand their non-human attack surface thoroughly so they can better protect and manage it. The project covers each risk and how it can be exploited, and also provides actionable prevention practices and incident response playbooks.

Road Map

  1. Submission of project proposal (Now)
  2. Reaching out to prominent contributors of the identity security space (Ongoing)
  3. Mapping out top X risks
  4. Data collection on chosen risks
    • A public survey run jointly with the Cloud Security Alliance (CSA)
    • Data assessment on real-life environments and platforms
  5. Aggregation of data and risk scoring
  6. Final draft of the top 10 risks, alongside the documentation efforts described above
  7. Round-table with contributors and leaders to build a roadmap towards project review and graduation to a Lab project (roughly 6 months after project inception)

How to contribute

Involvement in the development and promotion of OWASP Non-Human Identities Top 10 is actively encouraged! You do not have to be a security expert in order to contribute.

Here are some ways you can help:

  • Provide vulnerability prevalence data (we are looking for organizations and individuals willing to share it)
  • Translate the top 10 to non-English languages
  • Review, critique and suggest improvements to the Top 10 list
  • Star the GitHub Project
  • Contribute real world examples to categories in the Top 10 list
  • Add your Success Story - tell us and the world how you’re using the Top 10 list

Individuals and organizations that provide a significant contribution to the project will be listed on the acknowledgments page.

How to reach out:

Got an idea?

Got any ideas on how to make this project better? These guidelines will help you get involved:

  1. Join the conversation on email or Slack to find collaborators or see if others have a similar interest.
  2. Search the project’s GitHub issues for related proposals. Found one? Join it!
  3. If you haven’t found a relevant issue, create one! Clearly specify why your proposal is important and which changes are proposed. Advertise your proposal to others to find collaborators.

Getting Started with your first Pull Request

A Pull Request (PR) can be created by following these steps:

  1. Fork the repository.
  2. Create an initial draft implementing your proposal and submit it for review as a PR. Don’t let perfect be the enemy of good.
  3. Advertise your proposal to others and ask for reviews.
  4. Once your PR is merged, continue to submit PRs to fine-tune and improve on previous versions.
  5. Congrats and thank you!

Contributors

Individuals that provided a significant contribution to the project:

Name               Affiliation       Contact
Roni Lichtman      Torch Security    Twitter, LinkedIn
Tal Skverer        Astrix Security   LinkedIn
Or Cohen           -                 LinkedIn
Idan Basre         -                 LinkedIn
Amir Benvenisti    -                 LinkedIn
Dor Dali           Cyolo             LinkedIn
Jack Schofield     Snyk              LinkedIn