Automated Vulnerability Detection and Prediction by Security Testing for Cloud SAAS

  title={Automated Vulnerability Detection and Prediction by Security Testing for Cloud SAAS},
  author={S. Krishnaveni and S. Prabakaran and S. Sivamohan},
  journal={Indian journal of science and technology},
Background: Cloud SaaS becomes a susceptible target because its shares the application access and data among various tenants. So the careful security testing is necessary to avoid the security problems .As per the recent Survey done by OWASP reveals that SQL injection and Cross Site Scripting (XSS) are two of the most serious vulnerabilities in cloud based applications today, because of most dangerous attacks gets exploited and steal the user’s credentials such as cookie, credit card number etc… Expand
1 Citations
Design and Development of IOT Testbed with DDoS Attack for Cyber Security Research
The Internet of Things (IoT) is clubbed by networking of sensors and other embedded electronics. As more devices are getting connected, the vulnerability of getting affected by various IoT threatsExpand


Pixy: a static analysis tool for detecting Web application vulnerabilities
This paper uses flow-sensitive, interprocedural and context-sensitive dataflow analysis to discover vulnerable points in a program and applies it to the detection of vulnerability types such as SQL injection, cross-site scripting, or command injection. Expand
Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities
This work investigated whether software metrics obtained from source code and development history are discriminative and predictive of vulnerable code locations, and predicted over 80 percent of the known vulnerable files with less than 25 percent false positives for both projects. Expand
Static Detection of Security Vulnerabilities in Scripting Languages
A static analysis algorithm for detecting security vulnerabilities in PHP, a popular server-side scripting language for building web applications, is presented, finding 105 previously unknown security vulnerabilities, most of which it believes are remotely exploitable. Expand
SC-TPDP Protocol to secure Multi-Cloud Storage from XSS Attacks
The proposed secure cloud transmission protocol SC-TPDP is developed and designed which moderates XSS attacks and is secure and minimizes the attacker's entry, thus protecting cloud end user from XSS attack. Expand
Preventing Cloud Attacks using Bio-Metric Authentication in Cloud Computing
Minutiae Map algorithm is implemented for processing fingerprint based authentication and is analyses that MM algorithm is the best accurate fingerprint feature extraction algorithm compared to Orientation Map, Gabor Filter and core point detection techniques. Expand
Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
This paper classify various input sanitization methods into different types and proposes a set of static code attributes that represent these types, then uses data mining methods to predict SQL injection and cross site scripting vulnerabilities in web applications. Expand
Predicting Vulnerable Components: Software Metrics vs Text Mining
This paper provides a high-quality, public dataset, containing 223 vulnerabilities found in three web applications, and uses this dataset to compare vulnerability prediction models based on text mining with models using software metrics as predictors, finding that text mining models had higher recall than software metrics based models for all three applications. Expand
Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities
A framework to automatically predict vulnerabilities based on CCC metrics is presented and experimental results indicate that structural information from the non-security realm such as complexity, coupling, and cohesion are useful in vulnerability prediction. Expand
Prioritizing software security fortification throughcode-level metrics
This work mined and analyzed data from a large commercial telecommunications software system containing over one million lines of code that had been deployed to the field for two years to create predictive models to identify which components are likely to have the most security risk. Expand
Predicting Vulnerable Software Components via Text Mining
In an exploratory validation with 20 Android applications, it is discovered that a dependable prediction model can be built and could be useful to prioritize the validation activities, e.g., to identify the components needing special scrutiny. Expand