The cloud

Written on 9 April 2017, 08:34pm


A little bit of research about the cloud: a metaphor for a service whose underlying mechanics the customer does not need to know, where what matters is the functionality provided.

The commonly quoted definition from NIST (National Institute of Standards and Technology) lists the following properties:

Essential Characteristics:
– On-demand self-service
– Broad network access
– Resource pooling
– Rapid elasticity
– Measured service

Service Models:
– Software as a Service (SaaS)
– Platform as a Service (PaaS)
– Infrastructure as a Service (IaaS)

Deployment Models:
– Private cloud
– Public cloud
– Hybrid cloud
– Community cloud

http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf

Refresher: CSRF vs XSS examples
CSRF – a GET request to the bank site transferring $$$ to Mallory:
http://bank.com/transfer.do?to=Mallory&amount=1000 (OWASP)
XSS
– stored – a comment in a post
– reflected – a search keyword displayed in the search results
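
The two refresher cases from the defender's side, as an added example that is not part of the original post or of OWASP's text: a transfer handler that refuses the GET shown above and requires a per-session token, plus output encoding for user text such as a comment or search keyword. The function names, session layout and `csrf_token` parameter are assumptions made for illustration.

```python
import hmac
import html
import secrets


def new_session(user):
    """Create a session holding a random per-session anti-CSRF token."""
    return {"user": user, "csrf_token": secrets.token_urlsafe(32)}


def transfer(method, params, session):
    """Hypothetical transfer handler; returns (HTTP status, message)."""
    # A state-changing action must not be reachable by GET: a link or image
    # tag on another site makes the browser send it with the user's cookies.
    if method != "POST":
        return 405, "method not allowed"
    # The token is known only to the session and the bank's own form, so a
    # request forged from another origin arrives without a matching value.
    sent = params.get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), session["csrf_token"].encode()):
        return 403, "missing or invalid CSRF token"
    to, amount = params.get("to", ""), params.get("amount", "")
    if not to or not amount.isdigit():
        return 400, "bad parameters"
    return 200, "transferred %s to %s" % (amount, to)


def render_user_text(label, text):
    """Encode user-supplied text on output; covers stored and reflected XSS."""
    return "<p>%s: %s</p>" % (label, html.escape(text, quote=True))


if __name__ == "__main__":
    session = new_session("alice")  # constructed sample session
    forged = {"to": "Mallory", "amount": "1000"}  # parameters from the URL above
    print(transfer("GET", forged, session))
    print(transfer("POST", forged, session))
    print(transfer("POST", dict(forged, csrf_token=session["csrf_token"]), session))
    print(render_user_text("Results for", '<b>sale</b> & "more"'))
```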