Web Based XSS and SQL Attacks on Cloud and Mitigation

Abstract

A key technology towards enabling the use of Software as a Service (SaaS) in the cloud computing is Web 2.0 which relieves the users form tasks such as installation and maintenance. Web based applications are recently considered as the fastest service to provide on-line information. It has been used widely all around. As growing rate of using web based applications its vulnerabilities are also being discovered and disclosed at an alarming rate. Cloud computing systems are facing a web based software security problems. This type of attacks are use to exploit the authorization, authentication and accounting the vulnerability of Cloud Systems. Malicious programs can be uploaded to cloud systems to create damage. In other words, an attacker uses skills to exploit the system by injecting some malicious script into the web pages in a dynamic form that allows capturing the private session information. Cloud systems are susceptible to malware injection attacks and its security risks and threats were investigate based on the nature of the cloud service models. It is essential to identify the possible cloud attacks and threats for implement the better security mechanisms to protect cloud computing environment. In this paper we have present most common prominent web based malware injection with two category cross-site scripting and SQL injection attacks on the cloud and methods used to hack the website by different techniques and some mitigation technique to avoid such type of attacks.