Journal Article10.2352/ei.2024.36.3.mobmu-319
Automated Tools for Cloud Security Testing
Hamid Ghazizadeh,Gerrit Tamm,Reiner Creutzburg +2 more
TL;DR: The paper explores challenges, tools, techniques, and methodologies for cloud security testing, focusing on Azure offerings and known vulnerabilities. It introduces tools offered by major CSPs, published vulnerabilities, and API vulnerabilities according to OWASP.
read more
Abstract: The fast growth of cloud computing technology has led to immense development in the public and private sectors.Cloud computing provides a high level of virtualization, massive scalability, multitenancy, and elasticity.This has enabled organizations, academia, government departments, and the public to advance with this technology.However, they cannot assuredly place their information in the cloud due to many security threats.Cloud security plays a vital role in establishing confidence between the cloud service providers, consumers, and multi-users to maintain the security levels of their data.Moreover, in the scope of cloud computing, the importance of security testing must be considered.Security testing involves evaluating the cloud infrastructure and applications for vulnerabilities, ensuring that sensitive data remains protected.This paper focused on the challenges, tools, techniques, and methodologies for cloud security testing.Furthermore, the paper introduces the tools offered by three significant CSPs for cloud security testing and the most critical cloud vulnerabilities.It explains some published vulnerabilities around these three major CSPs.Between these three significant CSPs, we focused on Azure offerings for securing their clouds and some known tools for security testing in the cloud.Lastly, we introduced and explained the most essential API vulnerabilities according to OWASP and a suggested way to mitigate them. Literature ReviewIn the realm of cloud security testing, significant advancements have been made, particularly in the development of automated testing systems.Tao, Lin, and Lu (2015) designed a cloud platform-based automated testing system specifically for the mobile internet environment.This system leverages virtualization and automation technology to integrate mobile terminals into the cloud platform, offering a novel service known as Testing as a Service (TaaS).The system's ability to flexibly
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
References
Review: A survey of intrusion detection techniques in Cloud
TL;DR: This paper surveys different intrusions affecting availability, confidentiality and integrity of Cloud resources and services and recommends IDS/IPS positioning in Cloud environment to achieve desired security in the next generation networks.
957
An analysis of security issues for cloud computing
TL;DR: This work identifies the main vulnerabilities in this kind of systems and the most important threats found in the literature related to Cloud Computing and its environment as well as to identify and relate vulnerabilities and threats with possible solutions.
•Posted Content
An Analysis of the Cloud Computing Security Problem
TL;DR: A detailed analysis of the cloud security problem is introduced and key features that should be covered by any proposed security solution are derived.
390
Cyber security threats, challenges and defence mechanisms in cloud computing
TL;DR: There is a major threat concerning data breaches because of the lack of management understanding of the use of cloud computing services and their defence mechanisms and the various threats to cloud computing are explored, in addition to outlining defence mechanisms against these threats.
41
•Proceedings Article
Environment Modeling for Automated Testing of Cloud Applications
Linghao Zhang,Tao Xie,Nikolai Tillmann,Peli de Halleux,Xiaoxing Ma,Jian lv +5 more
- 01 Jan 2011
TL;DR: An approach to model the cloud environment for simulating the behavior of the real environment and apply Dynamic Symbolic Execution (DSE) to both generate test inputs and cloud states to achieve high structural coverage of the cloud application is proposed.