• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Cloud Security – The Next Big Thing? Fortify Readiness Scorecard

May 19, 2010

Views: 7,795

[ad]

With the paradigm shifting, especially for high traffic or high availability web applications, towards cloud computing – will Cloud Security become the next big thing?

We’ve already seen how you can use a cloud platform like Amazon EC2 for password cracking. So with a lot of companies moving to 3rd party cloud platforms, I’m sure security and data privacy is a concern.

Fortify are addressing this with a free add-on for their existing Fortify 360 product.

Fortify Software has come up with a way for companies interested in moving their applications to a cloud provider can analyse it line by line for security-worthiness in the new environment.

The Readiness Scorecard is effectively a free add-on for the company’s software assurance products, Fortify 360, and the online Fortify on Demand assurance service, able to give companies a vulnerability rating for software as if it was running in a cloud environment. Aren’t code vulnerabilities the same whether they are in the cloud or inside a corporate network?

According to Fortify chief scientist and founder, Brian Chess, the cloud questions coding assumptions that would have been reasonable when an application was originally written. Applications can communicate with one another using insecure protocols, while assumed infrastructure such as DNS servers will in the cloud model be shared and beyond the oversight of the IT department.

I would expect the same, if an application is inherently secure and well programmed with sanitized inputs etc, it should be secure on a regular host and on a cloud computing platform. But then there are inherent risks with a cloud platform such as the way in which the nodes communicate with each other and as mentioned – how DNS is handled.

It’s good practice though to make sure an application assumes less trust when on a cloud platform, make sure all communications are encrypted securely (for example between the front-end and the database) and any data written to the file system is also done securely with correct permissions.

In short, software has to assume less trust and the vulnerability of data must be pinpointed precisely. “When you move to the cloud, your risk profile changes,” said Chess.

The point of the Readiness Scorecard is to give in-house teams a list of both minor and major fixes needed before a given application can be run in the cloud in a way that minimises such risk, he said.

“Like immunising themselves against infection, cloud providers can use Fortify 360 or Fortify on Demand to ensure that bad code introduced by one or more customers doesn’t contaminate their cloud offering,” said Chess.

Current Fortify customers would get access to the Scorecard free of cost from later this quarter while new users would have the feature bundled with subscriptions.

Anyway, if you’re considering moving something to a cloud platform – you could use this tool from Fortify..or not. Just be aware that the risk profile for your application is changing and that you should take precautions to ensure you remain secure.

It’s also important for cloud providers themselves to make sure their platform is configured securely to increase customer security and integrity. As it’s a fairly new model I’d say we still have some way to go with this, it’s definitely the way forward for hosting sites prone to large spikes though.

Source: Network World

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Networking Hacking Tools, Web Hacking Tagged With: cloud computing, cloud security, web-application-security



Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Falco - Real-Time Threat Detection for Linux and Containers

Falco – Real-Time Threat Detection for Linux and Containers

Views: 330

Security visibility inside containers, Kubernetes, and cloud workloads remains among the hardest … ...More about Falco – Real-Time Threat Detection for Linux and Containers

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Views: 627

As threat surfaces grow and attack sophistication increases, many security teams face the same … ...More about Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

Views: 571

With more businesses running Linux in production—whether in bare metal, VMs, or containers—the need … ...More about Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 607

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 462

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 691

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (228)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (235)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,298,146)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,106)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,640)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,691)
  • Password List Download Best Word List – Most Common Passwords (933,528)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,171)
  • Hack Tools/Exploits (673,301)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,185)

Search

Recent Posts

  • Falco – Real-Time Threat Detection for Linux and Containers May 19, 2025
  • Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance May 16, 2025
  • Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked) May 14, 2025
  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy