Another myth about cloud security is the belief that the familiar approach to application security, tested against the environment and perhaps repackaged slightly, can simply be carried over to the cloud. Traditional security issues continue to apply to applications in the cloud, and you still need established processes covering requirements, design, implementation and testing. But organizations cannot simply repackage what they know about application security. Cloud applications need special care. Teams cannot rely only on mitigation techniques at the network or operating system level.
Security Testing :- Security testing must be performed at the application level, not the environment level. Risk classification and design must take greater account of the environmental risks of the cloud. Applications must also be written with security-conscious coding practices for cloud models in order to effectively eliminate classes of vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. Standards such as the OWASP Top 10 and CWE/SANS Top 25 are still valid for testing applications on IaaS and SaaS, and many plug-ins.
In general, dynamic web testing and manual testing are relatively unchanged from the testing of traditional business applications. It is important to obtain permission from, and notify, your cloud hosting provider if you plan to perform dynamic or manual testing of applications, particularly in a SaaS environment. It is also important to note that cloud design and deployment models are still under investigation, with efforts by organizations such as the Cloud Security Alliance and NIST. Ultimately, it would be useful for service providers to get prescriptive guidance on applying this to the API.
Pre-Flight Checklists :- Once the application has been developed and its security testing has been carried out in accordance with the requirements of the platform, it is probably ready to deploy. But how do you know you're ready? Each environment (IaaS, PaaS, SaaS) requires its own checklist to ensure the application is ready for prime time. For example, for an IaaS application in the cloud, the organization must have taken steps such as ensuring that communication between hosts uses an encrypted channel and that messages are secured, and that confidential information sent to logging and debugging functions is masked and filtered. For a PaaS application, threat modeling should incorporate the risks of the multi-tenant platform API. For SaaS, it is essential to review the vendor's documentation on how your data is isolated from the data of other tenants. You should also check the SaaS provider's certifications and its security SDLC process.
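One way to implement the IaaS checklist item on masking and filtering confidential information before it reaches logging and debugging output, as an added example that is not part of the original article. The key names, the card-number rule and the `build_logger` helper are assumptions chosen for illustration.

```python
import logging
import re

# Assumed key names and formats (hypothetical); extend for the application's own data.
_SECRET_KV = re.compile(
    r"""(?i)(password|secret|token|api_key)\b(["']?\s*[=:]\s*)("[^"]*"|'[^']*'|[^\s,;&]+)"""
)
_CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13 to 19 digits, optional separators


def _luhn_ok(digits):
    """Luhn checksum, so ordinary long numbers (order ids) are not masked."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def mask(text):
    """Replace secret values and valid card numbers with placeholders."""
    text = _SECRET_KV.sub(lambda m: m.group(1) + m.group(2) + "[MASKED]", text)

    def _card(m):
        digits = re.sub(r"\D", "", m.group(0))
        return f"[CARD ****{digits[-4:]}]" if _luhn_ok(digits) else m.group(0)

    return _CARD.sub(_card, text)


class MaskingFilter(logging.Filter):
    def filter(self, record):
        record.msg = mask(record.getMessage())  # format first so args are masked too
        record.args = None
        return True


def build_logger(stream, name="app.example"):
    handler = logging.StreamHandler(stream)
    handler.addFilter(MaskingFilter())  # on the handler, so every record it emits is masked
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.getLogger(name)
    logger.handlers = [handler]
    logger.setLevel(logging.DEBUG)
    logger.propagate = False  # keep unmasked records away from root handlers
    return logger
```

Pattern-based masking only catches the formats it knows about, so it complements rather than replaces a review of what the application writes to its logs.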
Future Threats :- Myth: Just because you're ready for a safe flight does not mean you can take off. Even with the best preparation and safety measures in place, the nature of this emerging deployment environment is still debated, which leaves much more research to be done. An effective approach is to use threat modeling against future threats to help developers better understand the specific risks of applications in the cloud. The productivity of end users can be affected by an attacker who has got into the system to cause harm by accessing sensitive information or planting malicious code that can be triggered at a later date. For example, using this method, you can identify software vulnerabilities that could be exploited by a "pause and resume" attack, in which a virtual machine is temporarily frozen.
As the security community (security providers, cloud providers, researchers and end users), all of whom have a vested interest in the secure use of applications in the cloud, we have the power to establish guidelines and best practices on a regular basis and to build a development process that avoids the introduction of risk. Fasten your seat belts, it will be a fun ride.