cloud security threats

Open Web Application Security Project Critical Cloud Security Threats

Spread the love


This blogpost discusses Open Web Application Security Project Critical Cloud Security Threats. In particular, ten most critical security threats for web applications are discussed in this blogpost.

The data available on the world wide web (www) is open to vulnerabilities of several types. According to Open Web Application Security Project, the following are the most critical security threats for Web applications and, therefore, the appropriate measures should be taken by the organizations when architecting and designing their Web applications.

  • Injection flaws— these result in execution of unintended commands without appropriate authorization
  • Broken Authentication— results in compromising the passwords, keys etc.
  • Sensitive Data Exposure—this includes theft of sensitive information, such as credit card information, identity theft, or health information while connected through the browser etc.
  • XML External Entities (XXE)—includes file disclosure of information through external entities references in XML documents
  • Broken Access Control— includes access to the data one is not allowed to have, for example due to compromised access control, unauthorized access to other users’ accounts etc.
  • Security Misconfigurations— the most common problem in fact. For example, inappropriate default configurations, misconfigured HTTP headers, open cloud storage, or ad hoc configurations give rise to the security vulnerabilities
  • Cross-Site Scripting — includes defacing the websites or redirects the users to the malicious sites through the malicious scripts executed in the browsers.
  • Insecure Deserialization — due to insecure deserialization, undesirable situations, such as injection attack, replay attacks, and privilege escalation attacks might be encountered
  • Use of Components with Known Vulnerabilities—if certain libraries or components whose vulnerabilities are already known are employed, this might lead to serious issues, such as data loss or server takeover etc.
  • Insufficient Logging and Monitoring— insufficient monitoring and logging also permits attackers to tamper, destroy, or hack the data
In summary, the web applications on the Internet are susceptible to a variety of security threats. Therefore, the cloud application designers should consider the security threats while developing the applications. 
Click here to read about cloud computing services.