您好,欢迎访问三七文档
当前位置:首页 > IT计算机/网络 > 网络安全 > CSA顶级云安全威胁网络安全英文版201760页
CLOUDSECURITYALLIANCETheTreacherous12-TopThreatstoCloudComputing+IndustryInsights©2017,CloudSecurityAlliance.Allrightreserved.1©2017CloudSecurityAlliance–AllRightsReservedAllrightsreserved.Youmaydownload,store,displayonyourcomputer,view,print,andlinktoTheTreacherous12-CloudComputingTopThreatsin2016at:(a)theReportmaybeusedsolelyforyourpersonal,informational,non-commercialuse;(b)theReportmaynotbemodifiedoralteredinanyway;(c)theReportmaynotberedistributed;and(d)thetrademark,copyrightorothernoticesmaynotberemoved.YoumayquoteportionsoftheReportaspermittedbytheFairUseprovisionsoftheUnitedStatesCopyrightAct,providedthatyouattributetheportionstoTheTreacherous12-CloudComputingTopThreatsin2016.ThepermanentandofficiallocationforCloudSecurityAllianceTopThreatsresearchis©2017,CloudSecurityAlliance.Allrightreserved.2Acknowledgments.................................................................................................................................................5ExecutiveSummary...............................................................................................................................................6Methodology.............................................................................................................................................................81.DataBreaches.............................................................................................................................................92.InsufficientIdentity,CredentialandAccessManagement.....................................................123.InsecureInterfacesandAPIs..............................................................................................................154.SystemVulnerabilities..........................................................................................................................175.AccountHijacking..................................................................................................................................196.MaliciousInsiders...................................................................................................................................217.AdvancedPersistentThreats...............................................................................................................238.DataLoss....................................................................................................................................................259.InsufficientDueDiligence...................................................................................................................2710.AbuseandNefariousUseofCloudServices..................................................................................3011.DenialofService.....................................................................................................................................3212.SharedTechnologyVulnerabilities...................................................................................................34ContentsCLOUDSECURITYALLIANCETheTreacherous12-TopThreatstoCloudComputing+IndustryInsights©2017,CloudSecurityAlliance.Allrightreserved.3Acknowledgments..............................................................................................................................................37ExecutiveSummary............................................................................................................................................38.Boxmismanagementofinvitelinks-DataBreaches..........................................................................................................................................39Yahoobreach-DataBreaches..........................................................................................................................................40LinkedInfailuretosaltpasswordswhenhashing-InsufficientIdentityCredentialAccessManagement..............................................................41Instagramabuseofaccountrecovery-InsufficientIdentityCredentialAccessManagement.............................................................42MongoDBMexicanvoterinformationleak-InsufficientIdentityCredentialAccessmanagement..............................................................43MongoDBunprotected,attackedbyransomware-InsufficientIdentityCredentialAccessManagement.............................................................44Moonpiginsecuremobileapplication-InsecureInterfaceandAPIs................................................................................................................45DirtyCowLinuxprivilegeescalationvulnerability-SystemVulnerabilities...............................................................................................................
三七文档所有资源均是用户自行上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作他用。
扫描二维码
zhaoyu1979
本文标题:CSA顶级云安全威胁网络安全英文版201760页
链接地址:https://www.777doc.com/doc-6811234 .html