Attacks Against the Cloud
Despite the belief that cloud-based systems are immediately “more secure” than their traditional counterparts, the truth is that cloud computing can actually make applications less secure. Applications running in the cloud are still vulnerable to many of the issues organizations have struggled to address in traditional applications. Insecure applications that run in the cloud are identical to insecure applications that run on standalone, dedicated servers. Issues such as buffer overflows, SQL injection, cross-site scripting (XSS), command injection, and other common application-level vulnerabilities do not magically disappear because your organization has migrated its applications to the cloud. In addition to the known vulnerability classes, applications running in the cloud also bring up a new set of security concerns. Due to the novelty of cloud computing, some of the anticipated threats have been theorized, studied, and accepted as potential avenues of attack for cloud applications. In addition to those vulnerable classes that are proposed, there will be many new threats that no one will have anticipated and that your organization will have to deal with and harden its applications against. The following sections describe some of the attack classes against cloud applications.
Poisoned Virtual Machines
Dedicated, standalone machines are the norm for today’s organizations. Network engineers and administrators purchase servers from major vendors, install the ...
Get Hacking: The Next Generation now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.