Affiliation:
1. Computing Department, School of Creative and Digital Industries, Buckinghamshire New University, High Wycombe, UK
Abstract
This paper discusses the methods, tools, approaches, and techniques used for penetration testing of a cloud-based web application on the Amazon AWS platform. The findings of a penetration test can be used to fix weaknesses and vulnerabilities and to significantly improve security. The testing is implemented by undertaking a malicious attack aiming to breach system networks and thereby confirm the presence of cloud infrastructure. The research focuses on high-risk vulnerabilities of cloud-based web applications, such as unrestricted file upload, command injection, and cross-site scripting. The outcomes expose and confirm some vulnerabilities, flaws, and mistakes in the cloud-based web application used. It is concluded that some vulnerabilities have to be considered before architecting the cloud system. The recommendations propose solutions for the testing results.
Publisher
World Scientific and Engineering Academy and Society (WSEAS)