首页 > 资料专栏 > IT > IT技术 > 信息技术 > CSA_顶级云安全威胁(网络安全)(英文版)2017_60页

CSA_顶级云安全威胁(网络安全)(英文版)2017_60页

lingyun***
V 实名认证
内容提供者
热门搜索
资料大小:4696KB(压缩后)
文档格式:WinRAR
资料语言:中文版/英文版/日文版
解压密码:m448
更新时间:2019/9/2(发布于广东)

类型:积分资料
积分:10分 (VIP无积分限制)
推荐:升级会员

   点此下载 ==>> 点击下载文档


文本描述
CLOUD SECURITY ALLIANCE The Treacherous 12 - Top Threats to Cloud Computing + Industry Insights
2017, Cloud Security Alliance. All right reserved.1
2017 Cloud Security Alliance – All Rights Reserved
All rights reserved. You may download, store, display on your computer, view, print, and link to The Treacherous
12 - Cloud Computing Top Threats in 2016 at https://cloudsecurityalliance/download/the-treacherous-twelve-
cloud-computing-top-threats-in-2016/, subject to the following: (a) the Report may be used solely for your
personal, informational, non-commercial use; (b) the Report may not be modifed or altered in any way; (c) the
Report may not be redistributed; and (d) the trademark, copyright or other notices may not be removed. You may
quote portions of the Report as permitted by the Fair Use provisions of the United States Copyright Act, provided
that you attribute the portions to The Treacherous 12 - Cloud Computing Top Threats in 2016.
The permanent and ofcial location for Cloud Security Alliance Top Threats research is
https://cloudsecurityalliance/group/top-threats/
CLOUD SECURITY ALLIANCE The Treacherous 12 - Top Threats to Cloud Computing + Industry Insights
2017, Cloud Security Alliance. All right reserved.2
Acknowledgments. 5
Executive Summary........... 6
Methodology. 8
1. Data Breaches......... 9
2. Insufcient Identity, Credential and Access Management..... 12
3. Insecure Interfaces and APIs.. 15
4. System Vulnerabilities.. 17
5. Account Hijacking.......... 19
6. Malicious Insiders........... 21
7. Advanced Persistent Threats... 23
8. Data Loss.... 25
9. Insufcient Due Diligence....... 27
10. Abuse and Nefarious Use of Cloud Services.......... 30
11. Denial of Service. 32
12. Shared Technology Vulnerabilities... 34
Contents
CLOUD SECURITY ALLIANCE The Treacherous 12 - Top Threats to Cloud Computing + Industry Insights
2017, Cloud Security Alliance. All right reserved.3
Acknowledgments.......... 37
Executive Summary........ 38
.
Box mismanagement of invite links -
Data Breaches...... 39
Yahoo breach -
Data Breaches...... 40
LinkedIn failure to salt passwords when hashing -
Insufcient Identity Credential Access Management.. 41
Instagram abuse of account recovery-
Insufcient Identity Credential Access Management. 42
MongoDB Mexican voter information leak -
Insufcient Identity Credential Access management.. 43
MongoDB unprotected, attacked by ransomware -
Insufcient Identity Credential Access Management. 44
Moonpig insecure mobile application -
Insecure Interface and APIs.... 45
Dirty Cow Linux privilege escalation vulnerability -
System Vulnerabilities.. 46
OAuth Insecure implementation -
Account Hijacking ........ 47
Zynga ex-employees alleged data theft -
Malicious Insiders........... 48
2017 Edition:
Industry Insights。