Automated Vulnerability Detection and Prediction by Security Testing for Cloud SAAS

@article{Krishnaveni2016AutomatedVD,
  title={Automated Vulnerability Detection and Prediction by Security Testing for Cloud SAAS},
  author={S. Krishnaveni and Senthil Prabakaran and S. Sivamohan},
  journal={Indian journal of science and technology},
  year={2016},
  volume={9},
  pages={1-8}
}
Background: Cloud SaaS becomes a susceptible target because it shares application access and data among various tenants, so careful security testing is necessary to avoid security problems. A recent survey by OWASP reveals that SQL injection and Cross-Site Scripting (XSS) are two of the most serious vulnerabilities in cloud-based applications today, because the most dangerous attacks exploit them and steal the user's credentials such as cookies, credit card numbers etc…
2 Citations

Design and Development of IOT Testbed with DDoS Attack for Cyber Security Research

  • R. Arthi, S. Krishnaveni
  • Computer Science
    2021 3rd International Conference on Signal Processing and Communication (ICPSC)
  • 2021
TLDR
A real-time data collection framework for DNS amplification attacks in IoT is proposed, and the generated network packets containing the DDoS attack are captured through port mirroring.

Detection of diabetic retinopathy and related retinal disorders using fundus images based on deep learning and image processing techniques: A comprehensive review

TLDR
A comprehensive review of automated diagnostic methods for DR detection and other related eye disorders from several points: Causes for DR, publicly available datasets, image preprocessing, segmentation of various DR lesions, feature optimization, various deep learning models, and open research challenges.

References

Pixy: a static analysis tool for detecting Web application vulnerabilities

TLDR
This paper uses flow-sensitive, interprocedural and context-sensitive dataflow analysis to discover vulnerable points in a program and applies it to the detection of vulnerability types such as SQL injection, cross-site scripting, or command injection.

Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities

TLDR
This work investigated whether software metrics obtained from source code and development history are discriminative and predictive of vulnerable code locations, and predicted over 80 percent of the known vulnerable files with less than 25 percent false positives for both projects.

Static Detection of Security Vulnerabilities in Scripting Languages

TLDR
A static analysis algorithm for detecting security vulnerabilities in PHP, a popular server-side scripting language for building web applications, is presented, finding 105 previously unknown security vulnerabilities, most of which it believes are remotely exploitable.

SC-TPDP Protocol to secure Multi-Cloud Storage from XSS Attacks

TLDR
The proposed secure cloud transmission protocol SC-TPDP is developed and designed to moderate XSS attacks; it is secure and minimizes the attacker's entry, thus protecting cloud end users from XSS attacks.

Preventing Cloud Attacks using Bio-Metric Authentication in Cloud Computing

TLDR
The Minutiae Map algorithm is implemented for processing fingerprint-based authentication, and the analysis finds that the MM algorithm is the most accurate fingerprint feature extraction algorithm compared to Orientation Map, Gabor Filter and core point detection techniques.

Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities

TLDR
This paper classifies various input sanitization methods into different types and proposes a set of static code attributes that represent these types, then uses data mining methods to predict SQL injection and cross site scripting vulnerabilities in web applications.

Predicting Vulnerable Components: Software Metrics vs Text Mining

TLDR
This paper provides a high-quality, public dataset, containing 223 vulnerabilities found in three web applications, and uses this dataset to compare vulnerability prediction models based on text mining with models using software metrics as predictors, finding that text mining models had higher recall than software metrics based models for all three applications.

Prioritizing software security fortification through code-level metrics

TLDR
This work mined and analyzed data from a large commercial telecommunications software system containing over one million lines of code that had been deployed to the field for two years to create predictive models to identify which components are likely to have the most security risk.

Predicting Vulnerable Software Components via Text Mining

TLDR
In an exploratory validation with 20 Android applications, it is discovered that a dependable prediction model can be built and could be useful to prioritize the validation activities, e.g., to identify the components needing special scrutiny.