Delivering a Secured Cloud Computing Architecture and Traditional IT Outsourcing Environment via Penetration Tools in Ghana
Authors: Umar Sayibu, Frimpong Twum, Issah Baako
Journal: International Journal of Computer Network and Information Security @ijcnis
Article in issue: 11 vol.11, 2019.
Free access
The decision to use either Cloud Computing (CC) applications or Traditional Information Technology Outsourcing (Traditional ITO) environments is a function of the security evaluations of these two options. Hackers are constantly probing websites and other computer networks for compromised computers with vulnerabilities they can exploit. Vulnerabilities in cloud computing and Traditional ITO environments are leading causes of recent data breaches. These breaches give hackers opportunities to attack and gain access to customer information such as credit card details, contact information and passwords, to send malicious code to website users, to make users' computers potential candidates for botnets, and to hijack the sessions of authentic users to make unapproved purchases on their behalf. In this paper, security penetration tools have been employed to evaluate the security vulnerabilities of cloud-based solutions and Traditional ITO, to discover possible vulnerabilities, their causes, and mitigation strategies for securing web applications against the discovered vulnerabilities. Some web applications and a Traditional ITO network were ethically hacked to discover vulnerabilities in them. Analysis of the results obtained through the ZAP scan showed that the Remote File Inclusion (RFI) alerts were flagged as high priority. In all, RFI constitutes the most serious potential threat and needs the fullest attention of CC service providers. Nmap disclosed open ports in the Traditional ITO Virtual Private Network, which can make the provider's server accessible to hackers, leading to considerable disclosure of information to unauthorized users.
Keywords: Vulnerabilities, Web-based Applications, Traditional ITO, Cloud Computing, Virtual Private Network
Short URL: https://sciup.org/15017000
IDR: 15017000 | DOI: 10.5815/ijcnis.2019.11.06