Cloud-specific Vulnerabilities - CompTIA Security+ SY0-701 - 2.3

Security in the cloud

• Cloud adoption has been nearly universal

- It's difficult to find a company NOT using the cloud

• We've put sensitive data in the cloud

- The attackers would like this data

• We're not putting in the right protections

- 76% of organizations aren't using

- MFA for management console users

• Simple best-practices aren't being used

- 63% of code in production are unpatched

- Vulnerabilities rated high or critical (CVSS >= 7.0)

Attack the service

Denial of Service (DoS)

- A fundamental attack type

Authentication bypass

- Take advantage of weak or faulty authentication

Directory traversal

- Faulty configurations put data at risk

Remote code execution

- Take advantage of unpatched systems

- Attack the application

Web application attacks have increased

- Log4j and Spring Cloud Function

- Easy to exploit, rewards are extensive

Cross-site scripting (XSS)

- Take advantage of poor input validation

Out of bounds write

- Write to unauthorized memory areas

- Data corruption, crashing, or code execution

SQL injection

- Get direct access to a database

Attack the application

Web application attacks have increased

- Log4j and Spring Cloud Function

- Easy to exploit, rewards are extensive

Cross-site scripting (XSS)

- Take advantage of poor input validation

Out of bounds write

- Write to unauthorized memory areas

- Data corruption, crashing, or code execution

SQL Injection

- Get direct access to a database

aaaaa

aaaaa