• Cross-site scripting
• Cross-site request forgery
• Cookie manipulation
• OS and SQL injection
• Insecure storage
• Hidden field manipulation
Due to the vulnerabilities listed above, achieving data security in cloud remains a mammoth task.
1) Network Security: When using SaaS, the client transfer sensitive information to the application over the network. Hence, it is essential to secure the connection and provide proper network security. Currently, a majority of the SaaS vendor using Secure Socket Layer …show more content…
As SaaS applications are available in a distributed environment, data integrity becomes an important issue. In distributed systems, the data integrity is achieved through a central transaction manager. But SaaS applications tend to be multi-tenant and run as services. These services often expose their functionality through an interface and serve data in the form of XML. Hence, the lack of clear transaction management and data integrity checks on these services can create serious vulnerabilities and provide unauthorized access to private data resulting in huge financial losses. Therefore, it is of utmost importance to ensure data integrity is not violated through the use of SaaS …show more content…
This can also be a source of security risk.
In addition to the above mentioned security flaws, PaaS inherits all the security risks present in SaaS model such as data security, network security etc.
B. Security challenges in Infrastructure as a Service
In IaaS, the vendor provides the customer with all the infrastructure necessary such as servers, storage, network and other computing resources primarily in the form of virtualized resources. Thus, provider is responsible for security only till the hypervisor and any other security issues above in the OS or application level should be handled by the customer. Thus, in IaaS the customers have greater control over the security policies implemented compared to other service models. However, this does not mean IaaS is not susceptible to security flaws. Some of sources of security flaws which are a cause for concern in IaaS are discussed