Web Application Security Threats and Mitigation Strategies when Using Cloud Computing as Backend

Cloud computing plays an important role in businesses' digital transformation as they offer easy-to-use services that save time and effort. Despite incredible features that are provided by cloud computing platforms, these platforms become the desirable target of attackers. This study aims to survey the literature for security threats related to web applications that have been developed using cloud computing services and then provide a set of recommendations to mitigate these threats. In this study, we first surveyed the literature for documented cases of threats faced while relying on cloud computing, then an online survey was sent to Computer Science students and web developers. The survey's questions were related to web threats whether they are aware of these threats or not and whether they have already applied any prevention measures for these threats. Then, a set of recommendations were provided that can help them to mitigate these threats. Finally, a tool was designed for generating security policies for the Broken Access Control threat for Firebase. Eighty-five responses were considered for this study. The average participants' awareness of all threats is 61 % despite 92% of participants having taken at least one security course. The main causes for neglecting to implement mitigation techniques was the lack of training and that developers are relying on the web services to provide security measures, then comes the process being time-consuming. The designed tool for mitigating Broken Access control showed promising results to ease the implementation of mitigation techniques. We conclude that due to the lack of awareness and negligence in implementing mitigation techniques, many present web apps may be compromised. Developing security tools for novice users, whenever possible, provides a solution for the main causes of the neglect to implement such measures and should be investigated further.