- Overview
- Project Objectives
- Technologies Involved
- Tools Used
- Methodology
- Key Findings
- Threat Model Summary
- Cloud Security Mapping
- Architecture Overview
- Setup
- Future Improvements
- Assumptions & Limitations
- Key Takeaways
- Disclaimer
- Author
This project presents a web vulnerability scanning and security assessment report focused on identifying risks before deploying an application to a cloud environment.
The objective is to adopt a shift-left security approach, ensuring that common web application vulnerabilities and misconfigurations are addressed early to reduce cloud attack surfaces.
The assessment is conducted in a controlled lab environment using deliberately vulnerable applications and industry-standard security tools.
- Identify common web application vulnerabilities prior to cloud deployment
- Analyze risks aligned with OWASP Top 10
- Provide actionable remediation and pre-cloud hardening recommendations
- Map application vulnerabilities to cloud-native security controls
- HTTP / HTTPS
- HTML
- JavaScript (client-side behavior analysis)
- REST-style web requests and responses
- Deliberately vulnerable web applications such as:
  - OWASP Juice Shop
  - DVWA
- Backend technologies used by the test applications:
  - Node.js (Juice Shop) / PHP (DVWA)
No custom application development is performed. The focus is on security assessment and analysis.
The following industry-standard tools were used during the assessment:
- OWASP ZAP: primary automated and manual vulnerability scanner
- Burp Suite (Community Edition): manual request inspection and validation
- Nikto: web server and configuration vulnerability scanning
- Nmap: basic network and service exposure identification
All tools were used in a non-intrusive and ethical testing environment.
The assessment follows a structured security testing approach:
1. Reconnaissance & Application Mapping
   - Identify application endpoints and functionality
2. Automated Scanning
   - Detect common vulnerabilities and misconfigurations
3. Manual Validation
   - Verify findings to reduce false positives
4. Risk Classification
   - Assess severity and potential impact
```mermaid
flowchart TB
    User[End User / Attacker]
    Internet[Internet]
    WAF[Web Application Firewall]
    APIGW[API Gateway / Load Balancer]
    App[Web Application<br/>Node.js / Express]
    DB[(Database)]
    Storage[(Object Storage)]
    Logs[Logging & Monitoring]
    User --> Internet
    Internet --> WAF
    WAF --> APIGW
    APIGW --> App
    App --> DB
    App --> Storage
    App --> Logs
    WAF --> Logs
    APIGW --> Logs
```
The assessment identified multiple vulnerabilities aligned with the OWASP Top 10, including:
- SQL Injection
- Cross-Site Scripting (XSS)
- Broken Authentication
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Security Headers
Each finding includes:
- Description
- Severity level
- Technical impact
Findings by severity:
- Critical Vulnerabilities: findings/Critical_Vulnerabilities.md
- High Risk Findings: findings/High_Risk_Findings.md
- Medium Risk Findings: findings/Medium_Risk_Findings.md
- Low Risk Findings: findings/Low_Risk_Findings.md
Scan results:
- OWASP ZAP: scan-results/OWASP_ZAP_Scan_Results.md
- Nikto: scan-results/Nikto_Scan_Output.md
- Burp Suite: scan-results/Burp_Suite_Findings.md
- Nmap: scan-results/Nmap_Service_Discovery.md
Reports:
- Executive Summary: reports/Executive_Summary.md
- Full Assessment Report: reports/Full_Security_Assessment_Report.md
- Vulnerability Details: reports/Vulnerability_Details.md
Remediation:
- Application Fixes: remediation/Application_Level_Fixes.md
- Configuration Hardening: remediation/Configuration_Hardening.md
Recommendations are provided at multiple levels:
- Application-level remediation
- Security configuration improvements
- Pre-cloud deployment hardening measures
- Secure handling of authentication and data
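The application-level remediation for the findings listed above (SQL Injection, XSS, missing security headers, and the session handling behind Broken Authentication), as an added example rather than code from this project's remediation documents. It is plain Node.js with no Express or database driver so it runs offline; each vulnerable pattern sits beside its hardened replacement. The function names, the node-postgres style `$1` placeholders, the header values and the cookie flags are this example's choices, not the project's.

```javascript
// Added example (not the project's remediation code): each vulnerable pattern
// beside its hardened replacement. Plain Node.js with no Express or database
// driver so it runs offline; the query builders return what would be handed
// to a driver such as node-postgres (client.query(text, values)).

// --- SQL Injection: string concatenation vs. parameterised query ------------

// VULNERABLE: the input becomes part of the SQL grammar.
function buildLoginQueryVulnerable(email, password) {
  return `SELECT * FROM Users WHERE email = '${email}' AND password = '${password}'`;
}

// HARDENED: fixed SQL text; values travel out-of-band as parameters.
function buildLoginQueryHardened(email, password) {
  return {
    text: 'SELECT * FROM Users WHERE email = $1 AND password = $2',
    values: [email, password],
  };
}

// --- Cross-Site Scripting: encode untrusted data before it enters HTML --------

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// VULNERABLE: reflects the search term verbatim into the page body.
function renderSearchVulnerable(term) {
  return `<h1>Results for ${term}</h1>`;
}

// HARDENED: same template, encoded data. Encoding is context-specific; this
// escaper is for HTML body text, not attributes, URLs or inline script.
function renderSearchHardened(term) {
  return `<h1>Results for ${escapeHtml(term)}</h1>`;
}

// --- Missing security headers and weak session cookies -----------------------

// Response headers an Express app would set via helmet or res.set(). The CSP
// is a strict starting point; a real app extends it per route (assumed values).
function securityHeaders() {
  return {
    'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
    'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'; object-src 'none'",
    'X-Content-Type-Options': 'nosniff',
    'X-Frame-Options': 'DENY',
    'Referrer-Policy': 'no-referrer',
    'Cache-Control': 'no-store',
  };
}

// Which of the headers above a response lacks (header names compared
// case-insensitively); handy for re-checking a response after the fix.
function missingSecurityHeaders(responseHeaders) {
  const present = new Set(Object.keys(responseHeaders).map((h) => h.toLowerCase()));
  return Object.keys(securityHeaders()).filter((h) => !present.has(h.toLowerCase()));
}

// Set-Cookie value for a session token: HttpOnly keeps it from script, Secure
// keeps it off plain HTTP, SameSite limits cross-site sending. Rejects input
// that would smuggle extra attributes into the header.
function sessionCookie(name, value) {
  if (!/^[\w-]+$/.test(name) || /[\s;,]/.test(String(value))) {
    throw new Error('cookie name or value would break the Set-Cookie header');
  }
  return `${name}=${value}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

if (typeof require !== 'undefined' && require.main === module) {
  const payload = "' OR '1'='1";
  console.log(buildLoginQueryVulnerable(payload, 'x'));
  console.log(JSON.stringify(buildLoginQueryHardened(payload, 'x')));
  console.log(renderSearchVulnerable('<script>alert(1)</script>'));
  console.log(renderSearchHardened('<script>alert(1)</script>'));
  console.log(missingSecurityHeaders({ 'content-type': 'text/html', 'x-frame-options': 'DENY' }));
  console.log(sessionCookie('session', 'opaque-random-token'));
}
```

Run it with `node hardening.js` to see the tautology the vulnerable builder produces next to the parameterised form; the same login payload is just an opaque value in the hardened version, which is the whole point of the fix.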
Threat actors:
- External attackers
- Automated bots
- Malicious authenticated users
Attack vectors:
- Injection attacks (SQLi, command injection)
- Authentication bypass
- Insecure file uploads
- Excessive permissions
Assets to protect:
- User credentials
- Personally Identifiable Information (PII)
- Application source logic
- Backend infrastructure
Trust boundaries:
- Internet → WAF
- WAF → Application
- Application → Database
- Application → Object Storage
Each vulnerability is mapped to cloud-native mitigation strategies, such as:
- Web Application Firewall (WAF) rules
- Secure access control and identity management
- Network exposure reduction
- Secure deployment best practices
This demonstrates how addressing issues early improves cloud security posture.
This project does not require custom code execution.
Optional setup for testing:
- Deploy OWASP Juice Shop or DVWA locally or in a lab environment
- Run scanning tools with default configurations
- Analyze and document findings
All security testing was performed in a controlled lab environment using intentionally vulnerable web applications.
No production or real-world systems were tested.
OWASP ZAP: used for automated vulnerability discovery and baseline testing.
```bash
zap.sh
```
Steps:
- Configure the browser proxy to 127.0.0.1:8080 (ZAP's default listener)
- Spider the target application
- Run an Active Scan
- Export the scan results
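What to do with the exported results, as an added example that is not part of the project repository: a Node.js triage script covering the Risk Classification and Manual Validation steps of the methodology. It reads a ZAP JSON report, sorts alerts by risk and scanner confidence, builds the manual-validation queue (Medium and above) and flags low-confidence alerts as false-positive candidates. The embedded report is constructed by hand in the shape of ZAP's JSON export (`site[].alerts[]` with string `riskcode` and `confidence` 0-3 and `instances[]` per URL); its alert names, plugin IDs and Juice Shop URLs are illustrative, not output from the lab scan, and the file path in the usage line is hypothetical.

```javascript
// Added example (not from the project repository): triage an exported ZAP JSON
// report into severity buckets and a manual-validation queue.
// Usage: node zap-triage.js scan-results/zap-report.json   (path is hypothetical)

const RISK = ['Informational', 'Low', 'Medium', 'High'];        // ZAP riskcode 0-3
const CONFIDENCE = ['False Positive', 'Low', 'Medium', 'High']; // ZAP confidence 0-3

// Constructed sample in the shape of ZAP's JSON report; not real scan output.
const SAMPLE_ZAP_REPORT = {
  '@version': '2.14.0',
  site: [{
    '@name': 'http://localhost:3000',
    alerts: [
      { pluginid: '40018', alert: 'SQL Injection', riskcode: '3', confidence: '2', cweid: '89',
        instances: [{ uri: 'http://localhost:3000/rest/products/search?q=x', method: 'GET', param: 'q' }] },
      { pluginid: '40012', alert: 'Cross Site Scripting (Reflected)', riskcode: '3', confidence: '1', cweid: '79',
        instances: [{ uri: 'http://localhost:3000/rest/products/search?q=x', method: 'GET', param: 'q' }] },
      { pluginid: '10038', alert: 'Content Security Policy (CSP) Header Not Set', riskcode: '2', confidence: '3', cweid: '693',
        instances: [{ uri: 'http://localhost:3000/', method: 'GET' },
                    { uri: 'http://localhost:3000/rest/user/login', method: 'POST' }] },
      { pluginid: '10021', alert: 'X-Content-Type-Options Header Missing', riskcode: '1', confidence: '2', cweid: '693',
        instances: [{ uri: 'http://localhost:3000/main.js', method: 'GET' }] },
      { pluginid: '10096', alert: 'Timestamp Disclosure - Unix', riskcode: '0', confidence: '1', cweid: '200',
        instances: [{ uri: 'http://localhost:3000/main.js', method: 'GET' }] },
    ],
  }],
};

// One finding per alert, carrying the URLs and parameters a tester must replay.
function triageReport(report) {
  const findings = [];
  for (const site of report.site || []) {
    for (const a of site.alerts || []) {
      const risk = Number(a.riskcode);
      const confidenceCode = Number(a.confidence);
      const instances = a.instances || [];
      findings.push({
        site: site['@name'],
        name: a.alert,
        pluginId: a.pluginid,
        cwe: a.cweid ? `CWE-${a.cweid}` : 'n/a',
        risk,
        severity: RISK[risk] ?? `unknown(${a.riskcode})`,
        confidenceCode,
        confidence: CONFIDENCE[confidenceCode] ?? `unknown(${a.confidence})`,
        urls: [...new Set(instances.map((i) => i.uri))],
        params: [...new Set(instances.map((i) => i.param).filter(Boolean))],
        // Methodology step 3: Medium and above are confirmed by hand before
        // write-up; low scanner confidence means expect false positives.
        needsManualValidation: risk >= 2,
        lowConfidence: confidenceCode <= 1,
      });
    }
  }
  // Highest risk first, then highest scanner confidence (sort is stable).
  return findings.sort((x, y) => y.risk - x.risk || y.confidenceCode - x.confidenceCode);
}

// Counts per severity plus the two queues the methodology cares about.
function summarize(findings) {
  const bySeverity = Object.fromEntries(RISK.map((r) => [r, 0]));
  for (const f of findings) bySeverity[f.severity] = (bySeverity[f.severity] || 0) + 1;
  return {
    total: findings.length,
    bySeverity,
    toValidate: findings.filter((f) => f.needsManualValidation).map((f) => f.name),
    lowConfidence: findings.filter((f) => f.lowConfidence).map((f) => f.name),
  };
}

// One markdown row per finding, ready to paste into a findings document.
function toMarkdownTable(findings) {
  const rows = [
    '| Severity | Finding | CWE | Confidence | Affected URLs | Params |',
    '|---|---|---|---|---|---|',
  ];
  for (const f of findings) {
    rows.push(`| ${f.severity} | ${f.name} | ${f.cwe} | ${f.confidence} | ${f.urls.length} | ${f.params.join(', ') || '-'} |`);
  }
  return rows.join('\n');
}

if (typeof require !== 'undefined' && require.main === module) {
  const fs = require('node:fs');
  const report = process.argv[2]
    ? JSON.parse(fs.readFileSync(process.argv[2], 'utf8'))
    : SAMPLE_ZAP_REPORT;
  const findings = triageReport(report);
  console.log(JSON.stringify(summarize(findings), null, 2));
  console.log(toMarkdownTable(findings));
}
```

Without an argument the script runs on the embedded sample, so you can see the ordering before pointing it at a real export. The Reflected XSS alert sorts below the SQL Injection alert despite equal risk because ZAP reported it with lower confidence; that is exactly the kind of finding the manual-validation step exists for.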
Nikto: used to identify server-side misconfigurations and insecure defaults.
```bash
nikto -h http://localhost:3000
```
Burp Suite: used for manual validation and business logic testing.
Steps:
- Configure the browser proxy to 127.0.0.1:8080 (Burp and ZAP both listen on port 8080 by default, so run one at a time or change one listener)
- Intercept requests
- Modify parameters using Repeater
- Validate exploitability manually
Nmap: used to identify exposed services and open ports.
```bash
# -sS (SYN scan) needs root privileges; use -sT from an unprivileged account
nmap -sS -sV -Pn -T4 localhost
```
Future improvements:
- Integrate SAST and dependency scanning (Snyk, Semgrep)
- Add container security scanning
- Implement CI/CD security gates
- Expand cloud security mapping for Azure and GCP
- Perform authenticated scanning and role-based testing
- Testing performed in an isolated lab environment
- No denial-of-service testing conducted
- Cloud deployment simulated, not production
- Findings based on time-boxed assessment
- Performed a full pre-cloud security assessment combining automated scanning and manual validation
- Identified and triaged vulnerabilities using OWASP Top 10 and CVSS
- Demonstrated defense-in-depth by combining application fixes with cloud-native controls
- Mapped application risks to AWS security services (WAF, IAM, Secrets Manager, Monitoring)
- Highlighted limitations of automated tools through false-positive analysis
This project is created strictly for educational and portfolio purposes.
- No real-world or production systems were tested
- No sensitive or confidential data is included
- All activities were conducted in a controlled lab environment
Sakshat S
Aspiring Cloud Security Engineer
Focused on pre-cloud security, risk reduction, and secure cloud adoption