Nowadays, data breach is the biggest security issue. It is occur when unauthorized user copied, transmitted, viewed, stolen or used sensitive, protected and confidential data [1]. Based on the 2015 Data Breach Investigation Report by Verizon, 2014 data breach causes by POS Intrusion (28.5%), Crime ware (18.8%), cyber-espionage (18%), insider misuse (10.6%), web app attacks (9.4%), miscellaneous errors (8.1%), physical theft/loss (3.3%) card-skimmer (3.1%), DOS attack (0.1%) [2]. Vulnerability is a hole or weakness that will cause harm and damage to the organization. Cloud computing means sharing resources via Internet and only allow authenticate user to access.
Cloud computing deal with sharing resources such as applications, servers
…show more content…
This layer use virtual machines (run different OS) that allow clients to build complex network infrastructures to reduce the cost and workload for installation and maintenance. Since it is using virtual machines, attacker can rent virtual machine like Amazon’s EC2 cloud to launch inter-VM attacks [3] to analyze configurations, find vulnerabilities, and launch DOS/DDOS attack to other virtual machines in the same cloud. Brute force attacks and DOS attacks can be launched using the cloud. As example, in Black Hat Technical Security Conference, Thomas Roth, demonstrated a brute force attack by renting a server from Amazon’s EC2. He managed to crack a WPA-PSK protected network and fired 400,000 passwords per second and gaining access into the system in only 20 minutes that cost him only 28 cents per minute.[1] PaaS is designed to provide a development platform for users to design their specific applications. SaaS allows users to rent applications running on clouds instead of purchase the …show more content…
Ficco and M. Rak present Stealthy Denial of Service Strategy in Cloud Computing [4]. This attack patterns has being launch against applications running in the cloud. The aim not only for service unavailable but also for exploiting the cloud flexibility, forcing the application to consume more resources than needed, affecting the cloud customer more on financial aspects as payment of cloud is determine by SLA or Service level agreements. X-Dos (XML Denial of service) has being launch using virtual machine. Not only causing service unavailable, it also cause gaining unauthorized access to the server using brute force attack.
Web injection such as SQL injection and Cross-site scripting (XSS) are the other attack that exploit vulnerabilities as they interact with the back-end database to retrieve persistent data and present the data to the user in the form of HTML web pages. [5] SQL injection occur when attacker exploit the vulnerabilities of web server and inject SQL command in order to gain unauthorized access to the database. [1] AS example,
$query = “select accountName, accountNumber from creditCardAccounts where username='“.$_POST[“username“].“' and