A Proposed Framework of VAPT Services in Web Application Deployed on Infrastructure as a Service (Iaas)

Abstract

Most companies in Malaysia require their employees to work from home due to the COVID-19 pandemic. This situation also increased the number of data generated from various sources, thus exposing them to different security risks. Even though the employees are encouraged to work from home because of the COVID-19 pandemic, they still need to communicate among themselves to do their work. However, working from home depends mainly on cloud computing (CC) applications that help employees accomplish their daily work efficiently. Injection attacks, such as SQL injection and Cross-Site Scripting (XSS), are critical security vulnerabilities that can lead to unauthorized access, data breaches, and potential service disruptions in web applications. With the increasing adoption of cloud computing, web applications deployed on cloud platforms like Amazon Web Services (AWS) are becoming more prevalent and vulnerable to such attacks. Therefore, it is crucial to develop practical Vulnerability Assessment and Penetration Testing (VAPT) techniques specifically tailored to identify and detect injection vulnerabilities in web applications deployed on AWS. However, existing VAPT methodologies often need more comprehensive coverage for injection vulnerabilities in cloud-based web applications, and they may not consider the unique characteristics and challenges associated with the AWS environment. This research addresses this gap by proposing an enhanced VAPT framework focusing specifically on injection attacks in web applications deployed on AWS.