A survey on vulnerability assessment tools and databases for cloud-based web applications

Abstract

Due to its various offered benefits, an ever increasing number of applications are migrated to the cloud. However, such a migration should be carefully performed due to the cloud’s public nature. Further, due to the agile development cycle that applications follow, their security level might not be the best possible, exhibiting various sorts of vulnerability. As such, to better support application migration and runtime provisioning, this article supplies three main contributions. First, it attempts to connect vulnerability management to the application lifecycle so as to highlight the exact moments where application vulnerability assessment must be performed. Second, it analyses the state-of-the-art open-source tools and databases so as to enable developers to make an informed decision about which ones to select. In this sense, discovering such vulnerabilities will enable to better secure applications before or after migrating them to the cloud. The analysis conducted is quite rich, covering various aspects and a rich sets of criteria. Third, it explores the claim that vulnerability scanning tools need to be orchestrated to reach the highest possible vulnerability coverage, both in terms of extend and breadth. Finally, this article concludes with some challenges that current vulnerability tools and databases need to face to increase their added-value and applicability level.