Top Security Perils When Moving an Application to the Cloud: Secure Communication
Posted by hyperguard on January 1, 2010
The third security peril is secure communication, i.e. secure session management or encryption. Internally, the application had only trusted users, and all communication was trusted in the sense that all other users were no security risk. However, there is variety of typical web application vulnerabilities that target communication problems, for example, insecure implementations of session management (i.e. insecure session cookies), improper use of encrypted communication (i.e. SSL, key management). If the application moves to the cloud all relevant aspects of the communication have to be evaluated. Implementation of secure communication channels have to be done the right way. This could either be implemented within the application itself by using secure frameworks or in front of the application in a so-called web application firewall.
Follow the discussion on Twitter @hyperguard.