Skip navigation EPAM
  • SUBSCRIBE
  • Enter your search query or select one from the list of frequent searches below. Use up and down arrows to review and enter to select.

Cloud Security: Common Attacks

Artem Chaykin

Head of Application Security, Cyber R&D Lab
Research
  • Cloud Security

With the global movement to cloud-based infrastructure, attack surfaces are moving to a cloud.

We’ve found cloud security articles often cover attack vectors and threats that are shared by both cloud and non-cloud environments, such as “Denial of service” or “Data theft.” There is a lot less information available about cloud-specific vulnerabilities.

This article goes through the most common cloud-specific vulnerabilities that we’ve encountered over the years. It explains what attacks are possible and the inherent risks organizations may face because of them. We’ll cover Amazon Web Services (AWS) and Microsoft Azure cloud services. However, most of these vulnerabilities can occur on any other similar cloud service.

We examine vulnerabilities and attacks based on:

  • Insecure configurations in services like Amazon S3
  • Subdomain takeovers exploiting “Dangling DNS” records (i.e., active subdomains that point toward a deprovisioned cloud service resource)
  • Metadata Exposures and the Server-Side Request Forgeries (SSRF) that they enable
  • SSRF vulnerabilities within serverless applications like AWS Lambda
  • Dangers of excessive Identity and Access Management (IAM) privileges

Download the full research white paper to learn more.

Get Whitepaper

Successfully submitted! Please check your email for the link to the whitepaper you requested.

Oops, something went wrong. Please try again.

If your download doesn't start automatically, please click

Validation failed! Please use the same browser and device that you used to fill out this form. You can also re-submit the form to receive a new download link.

Thank you for helping us keep your information up-to-date.

WhatWeDo.jpg

We Can Help

Our experts can help identify vulnerabilities and threats to keep your business secure.