Security and security testing are considered among the great challenges of cloud computing. In addition to regular security issues, cloud computing imposes a set of unique security constraints, such as identity federation management testing and multi-tenant penetration testing. A summary of the various security attacks that need special focus from the software testing team is illustrated.
Important security vulnerabilities to be tested are the top issues identified by the Open Web Application Security Project (OWASP), such as SQL injection and cross-site scripting (XSS). Attacks like SQL injection and cross-site scripting are possible to a greater extent in a multi-tenant application. Test cases should be written to attack the system from the point of view of a rogue user who holds an ID as one of the tenants of the application, and should measure that user's ability to penetrate the system and view the information of other tenants. A penetration test is a method of evaluating security by simulating an attack by a malicious user. The intent of a penetration test is to determine the feasibility of an attack and the amount of business impact of a successful exploit.
User access and the various user roles need to be tested to make sure that those roles work as expected. Identity federation management is another important aspect to be tested. This is known as the Single Sign-On (SSO) mechanism, with which a user, once logged in successfully, can access other components of the system without being prompted for credentials again. For example, cloud software may have the default application areas as well as community forums for help and support. In such an environment, a user who has logged into the application area should be able to access the forums without being prompted for his/her credentials again.
The SSO concept can be understood using the following example. Suppose you have provided your credentials to log into the Gmail service by Google. If you then open Google Drive in another tab, it will open your Google Drive without asking you to log in again. Now assume you open Blogger (another Google application) in the next tab. Blogger will also open automatically, detecting the credentials provided for Gmail. Now assume that you log out from Google Drive. You will observe that the entire session is terminated, including the sessions for Gmail and Blogger. This is a typical SSO implementation mechanism.
Some important security test considerations are multi-tenant database security testing and validating the storage and retrieval of confidential information such as credit card information and passwords.
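The rogue-tenant test case and the multi-tenant database check described above can be automated as a tenant-isolation test. The following is an added example, not code from the original post; the table, function names, and probe inputs are constructed for illustration and assume a shared-table design keyed by a `tenant_id` column.

```python
import sqlite3

def make_db():
    """Constructed sample data: two tenants sharing one invoices table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (tenant_id TEXT, customer TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO invoices VALUES (?, ?, ?)", [
        ("tenant_a", "alice", "1111"),
        ("tenant_a", "adam", "2222"),
        ("tenant_b", "bob", "3333"),
    ])
    return db

def search_unsafe(db, tenant_id, customer):
    # Weak form: user input is concatenated into the SQL text, so input
    # that alters the WHERE clause can escape the tenant filter.
    sql = ("SELECT tenant_id, customer FROM invoices WHERE tenant_id = '%s' "
           "AND customer = '%s'" % (tenant_id, customer))
    return db.execute(sql).fetchall()

def search_safe(db, tenant_id, customer):
    # Hardened form: bound parameters; tenant_id is taken from the
    # authenticated session, never from request data.
    sql = "SELECT tenant_id, customer FROM invoices WHERE tenant_id = ? AND customer = ?"
    return db.execute(sql, (tenant_id, customer)).fetchall()

def leaked_rows(search, session_tenant, probes):
    """Run each probe as session_tenant; return rows owned by any other tenant."""
    db = make_db()
    leaks = []
    for probe in probes:
        try:
            rows = search(db, session_tenant, probe)
        except sqlite3.Error:
            continue  # a SQL error is not a leak, but is worth logging in a real suite
        leaks += [r for r in rows if r[0] != session_tenant]
    return leaks

# Constructed inputs a tester logged in as tenant_a would submit to the search field.
PROBES = ["alice", "bob", "x' OR '1'='1", "x' OR tenant_id = 'tenant_b"]

if __name__ == "__main__":
    print("unsafe leaks:", leaked_rows(search_unsafe, "tenant_a", PROBES))
    print("safe leaks:  ", leaked_rows(search_safe, "tenant_a", PROBES))
```

The pass criterion is an empty leak list for every tenant session: any row whose owner differs from the logged-in tenant is a test failure, regardless of which input produced it.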
Cloud is one of the tremendous technologies that any company in this world would rely on. Using this technology many tough tasks can be accomplished easily in no time. Your content is also explaining the same. Thanks for sharing this in here. You are running a great blog, keep up this good work.

I got knowledge about this topic through your informative post.

Yes you are right. In cloud environments, implementing security testing is always a challenge. Here you have to use your valuable resources in order to get effective results.

That is very interesting; you are a very skilled blogger. I have shared your website in my social networks! A very nice guide. I will definitely follow these tips. Thank you for sharing such a detailed article.