Web Application Security Threats and Mitigation Strategies when Using Cloud Computing as Backend
Authors: Asma Z. Yamani, Khawlah Bajbaa, Reem Aljunaid
Published in: 2022 14th International Conference on Computational Intelligence and Communication Networks (CICN)
Publication date: 2022-12-04
DOI: 10.1109/CICN56167.2022.10008368 (https://doi.org/10.1109/CICN56167.2022.10008368)
Citation count: 0
Abstract
Cloud computing plays an important role in businesses' digital transformation, as it offers easy-to-use services that save time and effort. Despite the incredible features that cloud computing platforms provide, these platforms have become a desirable target for attackers. This study aims to survey the literature for security threats related to web applications that have been developed using cloud computing services and then provide a set of recommendations to mitigate these threats. In this study, we first surveyed the literature for documented cases of threats faced while relying on cloud computing; then an online survey was sent to Computer Science students and web developers. The survey's questions asked whether respondents were aware of these web threats and whether they had already applied any prevention measures against them. Then, a set of recommendations was provided that can help them mitigate these threats. Finally, a tool was designed for generating security policies for the Broken Access Control threat for Firebase. Eighty-five responses were considered for this study. The participants' average awareness of all threats is 61% despite 92% of participants having taken at least one security course. The main causes for neglecting to implement mitigation techniques were the lack of training and developers relying on the web services to provide security measures, followed by the process being time-consuming. The designed tool for mitigating Broken Access Control showed promising results in easing the implementation of mitigation techniques. We conclude that due to the lack of awareness and negligence in implementing mitigation techniques, many present web apps may be compromised. Developing security tools for novice users, whenever possible, provides a solution for the main causes of the neglect to implement such measures and should be investigated further.