User login

Search Projects

Project Members

Matt Hunter admin

Security vulnerabilities in cloud storage

There has been a large rise in cloud computing services and in particular cloud storage services over the last few years. Products like Dropbox and Google Drive are becoming more and more prevalent as everyone begins to use their services. The nature of the services means that there is often a large amount of personal data stored on the cloud servers. Because Cloud storage is still a new and growing field it means that there is still a large potential for new undiscovered exploits to be found. These two facts mean that they are a very attractive target for criminals looking to maliciously use your data.

This project will attempt to investigate and find common security vulnerabilities in these growing cloud storage services. After any vulnerabilities are found they are then reported, to ensure that these cloud services storages can remain safe and effective in the future.




This week I spent copying some of my hard copy paper flow chart documentation to digital versions

I also compiled a list of possible security vulnerabilities in cloud services and prioritised them.

Finally I began working on my presentation to give to the Comp520 Class this wednesday




This week i began automated testing of cloud services with the use of my automation script ive been writing for the past few weeks.

I also began looking at session Id analysis

And finally i started (but didnt get very far) formally writing down what I've discovered in anticipation of my final report




No honours work this week. Trying to get 560 and the FPGA board working properly




This week I began the creating an automatic script to test cloud software for vulnerablilities. Although It is not yet finished I don't invisage it taking to much longer




This week i continued to investigate the data structures used to transfer infomation between the cloud and the client. As well as looking at client side javascript cloud services use to make their services work




The first half of this week I was exploring different tools that can be used for my project. Some of these tools included the tor browser for anonymity, a large range of Firefox add-ons preforming a range of functions such httpfox for viewing and modifying cookies and params submitted by the browser, and some low level network tools such as netcat and openssl for writing scripts to interact with the drive webservers through http requests on the command line.

The Second half of the week I began to scope my target google drive, I began collating the structure of the site, with infomation such as the urls and parameters used, as well as further research into web specific attacking techniques such as Cookie "Bit diddling"(Real term from Hacking Web Applications Exposed)