Background: Cloud SaaS is a susceptible target because it shares application access and data among various tenants, so careful security testing is necessary to avoid security problems. A recent OWASP survey reveals that SQL injection and cross-site scripting (XSS) are two of the most serious vulnerabilities in cloud-based applications today, because attacks exploiting them steal user credentials such as cookies and credit card numbers. To mitigate these vulnerabilities, cloud service providers adopt a number of vulnerability prediction and detection approaches based on static and dynamic analysis techniques. These existing security mechanisms, which focus on theoretical as well as practical solutions for certain security problems, cannot alleviate attacks targeting cloud-based applications. Developers must ensure the delivery of safe applications and need to identify potential security issues within the applications before they are stored in the cloud environment. Method: Security testing is an effective mechanism to find out how vulnerable a cloud-based SaaS may be and to determine whether a SaaS offering is susceptible to XSS and whether its resources are protected from intruders. The proposed work provides automated security testing through a vulnerability detection and prediction model. The proposed hybrid attributes are static and dynamic: dynamic attributes are used to complement static attributes in the prediction of vulnerabilities. Findings: This paper proposes classification-based prediction models that collect static and dynamic attributes in order to predict SQLI and XSS vulnerabilities. Improvement: To improve on current work, we propose hybrid attributes, in which dynamic attributes complement static attributes, for predicting vulnerabilities in cloud-based applications.
We developed a prototype tool for data collection and used it to evaluate our models on six open-source cloud-based applications. On average, the experimental results show that the best predictor is MLP, which achieved pd=72%, pf=12% for predicting SQL injection and pd=82%, pf=19% for predicting cross-site scripting (XSS). The results of our experiments indicate that our prediction model is an easy and effective technique to predict and detect SQLI and XSS vulnerabilities in cloud applications.