Abstract
The Cloud computing is a powerful tool to optimize the cost in terms of hardware, controllable, utility to sharing the data, due to abovementioned features most of the organization switching their applications and services on the cloud. Cloud services offer secure and scalable services, but there is always some security problem when data have transmitted from a central storage server to a different cloud, personal and private data commitment increase risk of data confidentiality, integrity, availability, and authentication before one choose a vendor in the cloud or choose the cloud and move services in the cloud. This paper aims to resolve issues and provide the countermeasures relating to security issues in clouds based web applications. The vulnerability scores, its impact on confidentiality, integrity, availability, access complexity, and risk on assets calculated, and it observed most of the vulnerabilities identified during the scanning are related to security due to mis-configurations of web servers. The results analyzed for the vulnerability scores, vulnerabilities impact on confidentiality, integrity, availability, access complexity, and risk are analyzed description, and risk assessment. The countermeasures for each vulnerability based on the experimental results discussed.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Change history
19 May 2022
This article has been retracted. Please see the Retraction Notice for more detail: https://doi.org/10.1007/s12652-022-03952-4
References
AbRahman NH, Glisson WB, Yang Y, Choo KKR (2016) Forensic-by-design framework for cyber-physical cloud systems. IEEE Cloud Comput 3(1):50–59
Albakri SH, Shanmugam B, Samy GN, Idris NB, Ahmed A (2014) Security risk assessment framework for cloud computing environments. Secur Commun Netw 7(11):2114–2124
Ali M, Khan SU, Vasilakos AV (2015) Security in cloud computing: opportunities and challenges. Inf Sci 2015:357–383
AlShehri MAR, Mishra S (2019) Feature based comparison and selection of SDN controller. Int J Innov Technol Manag 16(05):1–23
Anisetti M, Ardagna C, Damiani E, Gaudenzi F (2017) A semi-automatic and trustworthy scheme for continuous cloud service certification. IEEE Trans Serv Comput 2017:1–14
Ardagna D, Ciavotta M, Passacantando M (2015) Generalized nash equilibria for the service provisioning problem in multi-cloud systems. IEEE Trans Serv Comput 10(3):381–395
Avram MG (2014) Advantages and challenges of adopting cloud computing from an enterprise perspective. Procedia Technol 2014:529–534
Babu BM, Bhanu MS (2015) Prevention of insider attacks by integrating behavior analysis with risk based access control model to protect cloud. Procedia Comput Sci 2015:157–166
Beckers K, Dürrwang J, Holling D (2016) Standard compliant hazard and threat analysis for the automotive domain. Information 7(3):1–35
Bellini P, Cenni D, Nesi P (2015) Smart cloud engine and solution based on knowledge base. Procedia Comput Sci 2015:3–16
Bower KM (2000) Analysis of variance (ANOVA) using MINITAB. Sci Comput Instrum 2000:64–65
Cayirci E, De Oliveira AS (2018) Modelling trust and risk for cloud services. J Cloud Comput 7(1):7–14
Chen HC, Lee PP (2013) Enabling data integrity protection in regenerating-coding-based cloud storage: theory and implementation. IEEE Trans Parallel Distrib Syst 25(2):407–416
Chou DC (2015) Cloud computing risk and audit issues. Comput Stand Interfaces 2015:137–142
Coppolino L, D’Antonio S, Mazzeo G, Romano L (2017) Cloud security: Emerging threats and current solutions. Comput & Electr Eng 2017:126–140
Farn KJ, Lin SK, Fung ARW (2004) A study on information security management system evaluation—assets, threat and vulnerability. Comput Stand Interfaces 26(6):501–513
Hong JB, Nhlabatsi A, Kim DS, Hussein A, Fetais N, Khan KM (2019) Systematic identification of threats in the cloud: A survey. Comput Netw 2019:46–69
Jung T, Li XY, Wan Z, Wan M (2014) Control cloud data access privilege and anonymity with fully anonymous attribute-based encryption. IEEE Trans Inf Forensics Secur 10(1):190–199
Khan N, Al-Yasiri A (2016) Identifying cloud security threats to strengthen cloud computing adoption framework. Procedia Comput Sci 94:485–490
Kritikos K, Magoutis K, Papoutsakis M, Ioannidis S (2019) A survey on vulnerability assessment tools and databases for cloud-based web applications. Array 2019:1–21
Latha K, Sheela T (2019) Block based data security and data distribution on multi cloud environment. J Ambient Intell Human Comput 2019:1–7
Liu JC, Lin CH, Lee KY (2019) Cloud-based personal data protection system and its performance evaluation. Journal of Internet Technology 20(6):1721–1727
Mackita M, Shin SY, Choe TY (2019) ERMOCTAVE: a risk management framework for it systems which adopt cloud computing. Future Internet 11(9):1–21
Mall S, Saroj SK (2018) A new security framework for cloud data. Procedia Comput Sci 2018:765–775
Mell P, Grance T (2011) The NIST definition of cloud computing, pp 1–7
Palanikkumar D (2012) An enhanced security enabled sharing of protected cloud storage services by trapdoor commitment based on RSA signature assumption. Bonfring Int J Res Commun Eng 2(3):01–07
Patil R, Modi C (2019) An exhaustive survey on security concerns and solutions at different components of virtualization. ACM Comput Surv (CSUR) 52(1):1–38
Song MH (2014) Analysis of risks for virtualization technology. Appl Mech Mater 2014:374–377
Subramanian N, Jeyaraj A (2018) Recent security challenges in cloud computing. Comput Electr Eng 2018:28–42
Wang Y, Wen J, Wang X, Zhou W (2017) Cloud service evaluation model based on trust and privacy-aware. Optik 2017:269–279
Acknowledgments
The authors would like to thank Deanship of Scientific Research at Majmaah University for supporting this work under Project number no. RGP - 2019-27.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This article has been retracted. Please see the retraction notice for more detail:https://doi.org/10.1007/s12652-022-03952-4
About this article
Cite this article
Mishra, S., Sharma, S.K. & Alowaidi, M.A. RETRACTED ARTICLE: Analysis of security issues of cloud-based web applications. J Ambient Intell Human Comput 12, 7051–7062 (2021). https://doi.org/10.1007/s12652-020-02370-8
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-020-02370-8