TOP 10 OWASP CLOUD NATIVE APPLICATION SECURITY

June 13th, 2024

Written By Deepraj

1. Insecure cloud, container or orchestration configuration

Poorly set up cloud resources, containers, and orchestration platforms pose security risks that attackers can exploit.

2. Injection flaws

Injection flaws arise when untrusted data is treated as executable code or commands, opening avenues for attacks such as SQL injection, command injection, and cross-site scripting.

3. Improper authentication & authorization

Weak authentication and authorization controls enable unauthorized access to sensitive data or functions and hardcoded credentials.

4. CI/CD pipeline & software supply chain flaws

The CI/CD pipeline and software supply chain are crucial in cloud-native development but can be vulnerable.

5. Insecure secrets storage

API keys, passwords, and tokens are vital for cloud-native apps but can be stolen if not securely stored, compromising application security.

6. Over-permissive or insecure network policies

Overly permissive network policies in cloud-native applications enable attackers to move laterally and access sensitive resources.

7. Using components with known vulnerabilities

Cloud-native apps use various components that, if not properly managed, can lead to security vulnerabilities.

8. Improper assets management

Managing assets like containers, images, and logs in cloud-native applications is crucial to prevent vulnerabilities from being exploited due to neglect or mismanagement.

9. Inadequate 'compute' resource quota limits

Improperly set resource quotas in cloud-native applications can result in denial-of-service (DoS) attacks due to excessive resource consumption.

10. Ineffective logging & monitoring

Effective logging and monitoring are vital for detecting security incidents in cloud-native applications.