What is vulnerability assessment in cloud computing?
Answers
Based on the abstract view of cloud computing we presented earlier, we can now move toward a definition of what constitutes a cloud-specific vulnerability. A vulnerability is cloud specific if it
is intrinsic to or prevalent in a core cloud computing technology,
has its root cause in one of NIST’s essential cloud characteristics,
is caused when cloud innovations make tried-and-tested security controls difficult or impossible to implement, or
is prevalent in established state-of-the-art cloud offerings.
We now examine each of these four indicators.
Core-Technology Vulnerabilities
Cloud computing’s core technologies - Web applications and services, virtualization, and cryptography - have vulnerabilities that are either intrinsic to the technology or prevalent in the technology’s state-of-the-art implementations. Three examples of such vulnerabilities are virtual machine escape, session riding and hijacking, and insecure or obsolete cryptography.
First, the possibility that an attacker might successfully escape from a virtualized environment lies in virtualization’s very nature. Hence, we must consider this vulnerability as intrinsic to virtualization and highly relevant to cloud computing.
Second, Web application technologies must overcome the problem that, by design, the HTTP protocol is a stateless protocol, whereas Web applications require some notion of session state. Many techniques implement session handling and - as any security professional knowledgeable in Web application security will testify - many session handling implementations are vulnerable to session riding and session hijacking. Whether session riding/hijacking vulnerabilities are intrinsic to Web application technologies or are “only” prevalent in many current implementations is arguable; in any case, such vulnerabilities are certainly relevant for cloud computing.
https://www.esds.co.in/enlight-cloud-hosting
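The session-handling point in the answer above, shown as an added example that is not part of the original answer: a minimal server-side session layer on top of stateless HTTP that uses unguessable session IDs and restrictive cookie flags against hijacking, plus a per-session token on state-changing requests against session riding. The function names, the in-memory store and the `sid` cookie name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret key
SESSIONS = {}                         # session id -> user (in-memory, example only)

def new_session(user):
    """Create server-side state for an otherwise stateless HTTP client."""
    sid = secrets.token_urlsafe(32)   # CSPRNG output, not guessable or sequential
    SESSIONS[sid] = user
    return sid

def session_cookie(sid):
    """Build a Set-Cookie value whose flags limit theft and cross-site sending."""
    c = SimpleCookie()
    c["sid"] = sid
    c["sid"]["httponly"] = True       # not readable from page scripts
    c["sid"]["secure"] = True         # only sent over HTTPS
    c["sid"]["samesite"] = "Strict"   # not attached to cross-site requests
    c["sid"]["path"] = "/"
    return c["sid"].OutputString()

def csrf_token(sid):
    """Token bound to the session; embedded in the site's own forms."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()

def handle_state_change(cookie_header, form_token):
    """Return the session's user if the request is authentic, else None."""
    c = SimpleCookie()
    c.load(cookie_header or "")
    if "sid" not in c:
        return None
    sid = c["sid"].value
    user = SESSIONS.get(sid)
    if user is None:                  # unknown or guessed session id
        return None
    expected = csrf_token(sid).encode()
    supplied = (form_token or "").encode()
    # A request that carries the cookie but not the matching token is
    # treated as session riding and rejected.
    if not hmac.compare_digest(expected, supplied):
        return None
    return user
```
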