User login
Search Projects
Project Members
Matt Hunter | admin |
Security vulnerabilities in cloud storage
There has been a large rise in cloud computing services and in particular cloud storage services over the last few years. Products like Dropbox and Google Drive are becoming more and more prevalent as everyone begins to use their services. The nature of the services means that there is often a large amount of personal data stored on the cloud servers. Because Cloud storage is still a new and growing field it means that there is still a large potential for new undiscovered exploits to be found. These two facts mean that they are a very attractive target for criminals looking to maliciously use your data.
This project will attempt to investigate and find common security vulnerabilities in these growing cloud storage services. After any vulnerabilities are found they are then reported, to ensure that these cloud services storages can remain safe and effective in the future.
05
Jul
2013
This week I spent copying some of my hard copy paper flow chart documentation to digital versions
I also compiled a list of possible security vulnerabilities in cloud services and prioritised them.
Finally I began working on my presentation to give to the Comp520 Class this wednesday
28
Jun
2013
This week i began automated testing of cloud services with the use of my automation script ive been writing for the past few weeks.
I also began looking at session Id analysis
And finally i started (but didnt get very far) formally writing down what I've discovered in anticipation of my final report
07
Jun
2013
No honours work this week. Trying to get 560 and the FPGA board working properly
03
May
2013
This week I began the creating an automatic script to test cloud software for vulnerablilities. Although It is not yet finished I don't invisage it taking to much longer
01
Apr
2013
This week i continued to investigate the data structures used to transfer infomation between the cloud and the client. As well as looking at client side javascript cloud services use to make their services work
08
Mar
2013
The first half of this week I was exploring different tools that can be used for my project. Some of these tools included the tor browser for anonymity, a large range of Firefox add-ons preforming a range of functions such httpfox for viewing and modifying cookies and params submitted by the browser, and some low level network tools such as netcat and openssl for writing scripts to interact with the drive webservers through http requests on the command line.
The Second half of the week I began to scope my target google drive, I began collating the structure of the site, with infomation such as the urls and parameters used, as well as further research into web specific attacking techniques such as Cookie "Bit diddling"(Real term from Hacking Web Applications Exposed)