As we have discussed the general security-testing plan, it's also suggested to prepare security-testing instructions based on the specific domain. Each domain requires different kinds of security-testing tools and approaches. Generally, there are the web, virtualization, firmware, big data, privacy, and IoT security domains.
Web services are the most common presentation of applications and cloud services. Almost all the cloud services are presented with Web UI, which can be easily managed by any browser without installing a client application. Besides, the restful API communication that is used for inter-services communication is also built on top of HTTPS. The web security can be seen as the foundation of cloud services. When it speaks to web security, we have to be familiar with the Open Web Application Security Project (OWASP) Top 10, which lists the...