OWASP Cloud-Native Application Security Top 10 report
The OWASP Cloud-Native Application Security Top 10 is a resource that identifies the most critical security risks associated with cloud-native applications. It also details the challenges organizations face when securing these applications and provides guidance on mitigating those risks.
Covered Entities
The OWASP Cloud-Native Application Security Top 10 provides guidance and education for organizations adopting Cloud-Native applications securely.
For more information, see OWASP Cloud-Native Application Security Top 10.
To learn more about securing web applications, visit HCL Software - AppScan.
OWASP Cloud-Native Application Security Top 10 Vulnerabilities
ID | Name |
---|---|
CNAS-1 | Insecure cloud, container or orchestration configuration |
CNAS-2 | Injection flaws (app layer, cloud events, cloud services) |
CNAS-3 | Improper authentication and authorization |
CNAS-4 | CI CD pipeline and software supply chain flaws |
CNAS-5 | Insecure secrets storage |
CNAS-6 | Over-permissive or insecure network policies |
CNAS-7 | Using components with known vulnerabilities |
CNAS-8 | Improper assets management |
CNAS-9 | Inadequate compute resource quota limits |
CNAS-10 | Ineffective logging and monitoring |