ASSIGNMENT 2 FRONT SHEET

Qualification BTEC Level 5 HND Diploma in Computing

Unit number and title Unit 16: Cloud computing

Submission date Date Received 1st submission

Re-submission Date Date Received 2nd submission

Student Name Nguyen Hoai Nam Student ID GCS190817

Class GCS0901 Assessor name Nguyen Ngoc Tu

Student declaration

I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand
that making a false declaration is a form of malpractice.

Student’s signature Nam

Grading grid

P3 P4 M3 M4 D3 D4
❒ Summative Feedback: ❒ Resubmission Feedback:

Grade: Assessor Signature: Date:

Lecturer Signature:
 ASSIGNMENT 2 BRIEF
Qualification BTEC Level 5 HND Diploma in Computing

Unit number Unit 16: Cloud Computing

Assignment title Cloud’s implementation and security threats

Academic Year 2022 – 2023

Unit Tutor Nguyen Hoai Nam

Issue date Submission date 04-03-2022

IV name and date

Submission Format:

Format:
A report(in PDF format)
You must use font Calibri size 12, set number of the pages and use multiple line spacing at
1.3. Margins must be: left: 1.25 cm; right: 1 cm; top: 1 cm and bottom: 1 cm. The reference
follows Harvard referencing system.
Submission Students are compulsory to submit the assignment in due date and in a way requested by
the Tutors. The form of submission will be a soft copy posted on
http://cms.greenwich.edu.vn/
Note: The Assignment must be your own work, and not copied by or from another student or from
books etc. If you use ideas, quotes or data (such as diagrams) from books, journals or other sources, you
must reference your sources, using the Harvard style. Make sure that you know how to reference properly,
and that understand the guidelines on plagiarism. If you do not, you definitely get failed

Unit Learning Outcomes:

LO3 Develop Cloud Computing solutions using service provider’s frameworks and open source tools.

LO4 Analyse the technical challenges for cloud applications and assess their risks

Assignment Brief and Guidance:

Task 1

Base on the scenario and architecture design in the first assignment provide the implementation.
Because of the time constraint of the assignment, the implementation just provides some demo
functions of the scenario. The implementation includes two parts:

• A step by step instruction

o which shows which functions are implemented
o How to config, deploy and test the services (Web application, Database Server, Source
code management, server logs..) using service provider’s frameworks and open source
tools.
o Images for the built functions
• A brief discussion about difficulties which one can face during the development process(optional)
• The source code for the built application

Task 2

The table of contents in your security manual (which should be 500–700 words) should be as follows:
1. Analysis of the most common problems and security issues of a cloud computing platform.
2. Discussion on how to overcome these issues.
3. Summary.
 Learning Outcomes and Assessment Criteria

Pass Merit Distinction

LO3 Develop Cloud Computing solutions using service provider’s frameworks

and open source tools
P5 Configure a Cloud Computing
platform with a cloud service
provider’s framework.
D2 Critically discuss how one can
M3 Discuss the issues and overcome these issues and
constraints one can face during the constraints.
development process.

P6 Implement a cloud platform using

open source tools.

LO4 Analyse the technical challenges for cloud applications and assess their
risks

P7 Analyse the most common M4 Discuss how to overcome these D3 Critically discuss how an
problems which arise in a Cloud security issues when building a organisation should protect their
Computing platform and discuss secure cloud platform. data when they migrate to a cloud
appropriate solutions to these solution.
problems.
P8 Assess the most common security
issues in cloud environments.
 Table of Contents
Introduction ................................................................................................................................................................
11
1. Configure a Cloud Computing platform with a cloud service provide framework [P5]. ........................................
11
1.1. Create a new Heroku account ......................................................................................................................... 12

1.2. Working with Heroku .......................................................................................................................................

15
1.2.1. Create a new application .......................................................................................................................... 15
1.2.2. The overview tabs ..................................................................................................................................... 17
1.2.3. The resource tabs ...................................................................................................................................... 18
1.2.4. An overview on Dyno types ...................................................................................................................... 19
1.2.5. Connect app to database add-on.............................................................................................................. 20
1.3. Connect Heroku to your working directory ..................................................................................................... 24
1.4. Migration of ATN system to Heroku ................................................................................................................ 24
1.4.1. Functions of ATN system to Heroku ......................................................................................................... 24
1.4.2. Deployment model ................................................................................................................................... 25

1.4.3. Migrate the ATN system to Heroku .......................................................................................................... 26

2. Implement a cloud platform using open-source tools (P6). ...................................................................................
50
 2.1. Visual Studio Code ............................................................................................................................................
51
2.1.1. Some features of Visual Studio .................................................................................................................. 51
2.2. GitHub ...............................................................................................................................................................
52
2.2.1. Some features of GitHub ........................................................................................................................... 52
2.2.3 Some Git concepts you need to know ...........................................................................................................
53
2.3. HeidiSQL ............................................................................................................................................................
53
2.3.1. Some outstanding features of HeidiSQL .................................................................................................... 54
2.4. Heroku ..............................................................................................................................................................
54
2.4.1. Some outstanding features Heroku ........................................................................................................... 54
3. The most common problems which arise in a Cloud Computing platform (P7). ...................................................
55
3.1. Problems from Cloud Provider Perspective ....................................................................................................
56
3.1.1. Data security, Privacy and Control Risks .................................................................................................... 56
3.1.2. Organizational risks .................................................................................................................................... 57

3.1.3. Technical risks ............................................................................................................................................ 58

3.1.4. Compliance and Audit ................................................................................................................................ 58

 3.1.5. Physical Security ........................................................................................................................................ 58
3.2. Risks from Cloud Customer Perspective ..........................................................................................................
59
3.2.1. Data security, Privacy and Control risks ..................................................................................................... 59
3.2.2. Technical risks ............................................................................................................................................ 59

3.2.3. Compliance and Audit ................................................................................................................................ 60

3.2.4. Physical Security ........................................................................................................................................ 60

3.3. Solution .............................................................................................................................................................

60
4. Security issues and solutions ..................................................................................................................................
62
4.1. Data security .....................................................................................................................................................
62
4.2. Malware Injection Attack ..................................................................................................................................
64
4.3. Authentication Attack .......................................................................................................................................
64
4.4. Cross-Site Scripting (XSS) and Cross-site request forgery (XSRF) attack .......................................................... 64
4.5. Broken access control .......................................................................................................................................
65
5. Conclusion ...............................................................................................................................................................
65
 References............................................................................................................................................. 66

Table of Figure
Figure 1 Form create account Heroku ........................................................................................................................
13
Figure 2 Set password Heroku ....................................................................................................................................
14
Figure 3 Notice of completion of registration ............................................................................................................
14
Figure 4 Login Heroku .................................................................................................................................................
15
Figure 5 Create new app .............................................................................................................................................
16
Figure 6 First setup for the app ..................................................................................................................................
17
Figure 7 Overview tab of a Heroku application ..........................................................................................................
17
Figure 8 Resource tabs of a Heroku application .........................................................................................................
18
Figure 9 Overview Dyno Types ...................................................................................................................................
19
Figure 10 Search and selecting an add-ons ................................................................................................................
21
Figure 11 Submit order form ......................................................................................................................................
22
Figure 12 Check database has been added ................................................................................................................
23
Figure 13 Connect Heroku to GitHub..........................................................................................................................
24
Figure 14 ATN system Client-Server model ................................................................................................................
25
Figure 15 Enter your personal details .........................................................................................................................
27
Figure 16 Account GitHub Verification .......................................................................................................................
28
Figure 17 Enter detail repository ................................................................................................................................
29
Figure 18 Download GitHub Desktop .........................................................................................................................
30
Figure 19 Add local repository on GitHub Desktop ....................................................................................................
30
Figure 20 Source code Commit and Push to GitHub ..................................................................................................
31
Figure 21 Connect application Heroku with repository GitHub .................................................................................
32
Figure 22 Deploys application .....................................................................................................................................
33
Figure 23 Download HeidiSQL ....................................................................................................................................
34
Figure 24 Collecting MySQL database information ....................................................................................................
34
Figure 25 Enter database server information .............................................................................................................
35
Figure 26 Overview data base ....................................................................................................................................
36
Figure 27 Insert data using an existing SQL file ..........................................................................................................
37
Figure 28 File config connect to MySQL server database ...........................................................................................
38
Figure 29 Overview website after deploys .................................................................................................................
38
Figure 30 Login customer interface ............................................................................................................................
39
Figure 31 Account setting interface ............................................................................................................................
40
Figure 32 View product interface ...............................................................................................................................
41
Figure 33 Order detail interface .................................................................................................................................
42
Figure 34 Card list interface ........................................................................................................................................
43
Figure 35 Ordered detail interface .............................................................................................................................
43
Figure 36 Sign up form interface ................................................................................................................................
44
Figure 37 Admin login form interface .........................................................................................................................
45
Figure 38 Form upload items interface ......................................................................................................................
46
Figure 39 Items management interface .....................................................................................................................
47
Figure 40 Customer management interface ...............................................................................................................
48
Figure 41 Customer order detail interface .................................................................................................................
49
Figure 42 Report total order detail .............................................................................................................................
50
Figure 43 Cloud Security Risk Categories and sub-Categories ...................................................................................
56
Figure 44 Cloud Computing Adoption Issues ..............................................................................................................
63
 ASSIGMENT 2

Introduction

In the scientific world, cloud computing has gotten a lot of interest. Cloud computing is a methodology for
providing on-demand network access to a shared pool of programmable computer resources that can be
deployed and released quickly and with little administration effort.

Sections of my report are as follows:

 A demonstration of how to use open-source tools to configure and install the cloud computing platform.
 An examination of the most frequent cloud computing platform issues.
 Solutions to these issues that have been proposed.
 The most frequent security issues in the cloud environment are examined.
 Discussion about how to deal with these problems.

1. Configure a Cloud Computing platform with a cloud service provide framework [P5].

Heroku is a cloud platform as a service (PaaS) that lets companies build, deliver, monitor, and scale apps. Heroku
bypasses infrastructure headaches he(Heroku.com, 2021).It enables companies and individuals to create,
manage, and deploy modern applications. Heroku's mission is to shorten and simplify the processes that
customers must go through in order to get their apps to market. There is no need for additional code, no need to
install the server, and no need to monitor the webserver; customers simply upload the application and proceed
to deploy it. Heroku automates the majority of the processes required to bring a piece of software to life. The
customer's job is simply to deploy the software and continue to expand and improve it.

Advantages of Heroku:

• Free to Start
• Easy to Use
• Easy to scale
• Powerful CLI
• Great Plugins & Third-Party Support

• It’s part of Salesforce

• Enterprise Support
In general, there are several steps to building an app on the Heroku platform:

 Step 1: Sign up for a Heroku account.

 Step 2: Create a new Heroku application.
 Step 3: Use Git to migrate your app from local to Heroku. ➢ Step 4: Include add-ons (Heroku Postgre,
ClearDB MySQL,...) ➢ Step 5: Make sure your application is complete.

1.1. Create a new Heroku account

Step 1: Visit https://signup.heroku.com/login

Step 2: Fill in the registration form correctly and completely (As shown in Figure 1).
 Figure 1 Form create account Heroku

Step 3: Verify your identity by going to your email and verifying as requested by Heroku.

Step 4: Confirm and set password via email. The password set must meet the requirements and standards as
shown in Figure 2.

Figure 2 Set password Heroku

Step 5: After successfully setting the password, you will receive this message (Figure 3). So, we have completed
the step of creating an account on Heroku.
 Figure 3 Notice of completion of registration

Step 6: Login to Heroku

https://id.heroku.com/login. Enter your email and password then click Login

 Figure 4 Login Heroku

That's all the steps to register as well as log in to Heroku, next we start working with Heroku to create an
application for the ATN system.

1.2. Working with Heroku

1.2.1. Create a new application

Step 1: Step one-click the "Create new app" button to create your first app and deploy (Figure 5).
 Figure 5 Create new app

Step 2: This is the step to name the application, the application name is unique, give it a name after the green
check appears that you can use, in addition, choose the location of the application server. These will be
applicable laws, regulations, as well as transmission speeds. Here I will choose US because it is closer to
Vietnam than EU (Figure 6).
Figure 6 First setup for the app
.2. The overview tabs

Figure 7 Overview tab of a Heroku application

.2.3 The resource tabs

Figure 8 Resource tabs of a Heroku application

1.2.4. An overview on Dyno types
 Figure 9 Overview Dyno Types
Heroku Dyno is divided into four categories. The cost of each type of Dyno is determined by the size and
complexity of your application; the larger and more complex your application is, the higher the cost. Below is a
comparison table between the different types:
Table 1 Compare packages categories
Type Free Hobby Standard Performance

Fee 0$ 7$/month 25$ - 250$-

50$/month 500$/month
RAM 512MB 512MB 512MB - 1GB 2.5GB-14GB

Number of 2 10 Unlimited Unlimited

process type
Hibernate Sleeps after 30 No No No
mins of
inactivity
Limit 500 hours per Unlimited Unlimited Unlimited
month

1.2.5. Connect app to database add-on

Step 1: Search and selecting an add-ons (Figure 10)
 Figure 10 Search and selecting an add-ons

Step 2: Select the database and select the option appropriate to the project then press Order. Here I choose the
database as ClearDB MySQL and use the 5MB available free plan for the database (Figure 11).
 Figure 11 Submit order form

Step 3: Check if the database has been added (Figure 12)

 Figure 12 Check database has been added

1.3. Connect Heroku to your working directory

 Figure 13 Connect Heroku to GitHub

1.4. Migration of ATN system to Heroku

As I describe my solution in assignment 1, the following section will mainly describe around the ideas including
functions, implementation model and also the migration of the system.

1.4.1. Functions of ATN system to Heroku

The functionality of the ATN system will be divided into two parts. The ATN system will have the functionalities
as follow:

User Section:

 Register
  Log in
 Change personal information, password, name, ...
 Add to cart
 Order products
 Check the bill
 Logout

Administrator Section:

 Log in to the management system

 Change Admin information: Change name, password, address, ...

 Add, edit and delete products
 View order statistics
 View order status
 View, delete user accounts list
 View order details
 View product detail
 Logout

1.4.2. Deployment model

Comparison between the old system and the system after deploying in the cloud

Client Computers that installed the Use a web browser when the
software internet is available
Server Servers provided by the ATN Heroku Dyno (Using PHP as the
main programming language
Tool Not given Git, Heroku, HeidiSQL
1.4.3. Migrate the ATN system to Heroku
Migrating the ATN system from local application to site has four stages. The first stage we will use GitHub to
contain the source code directory. In the second phase, we connect the application on Heroku to GitHub and
deploy to the Heroku cloud system. The third stage we will connect to the MySQL database. And finally we will
check if the newly deployed application is up and running. So first we will learn what GitHub is and how to create
a GitHub account.

GitHub: GitHub is, fundamentally, a hosting platform for coders. The cloud-based service enables programmers
to manage and maintain open-source programming projects while collaborating with others. It is also a tool to
help manage source code organized in the form of distributed data. Help synchronize the team's source code to 1
server. And support operations to check source code during work (diff, check modifications, show history, merge
source, ...)

State 1: Create account and push the source code folder on GitHub

Step 1: In a web browser, go to https://github.com/join. To participate, you can use any online browser on your
computer, phone, or tablet. Fill in your personal information. You'll need to create a password in addition to
creating a username and inputting an email address. Your password must be at least 15 characters long or 8
characters long with at least one number and one lowercase letter (Figure 15).
 Figure 15 Enter your personal details

Step 2: Confirm your GitHub account via email message (Figure 16)
 Figure 16 Account GitHub Verification
• Step 3: Creating a repository

A repository is usually used to organize a single project. Repositories can contain folders and files, images,
videos, spreadsheets, and data sets -- anything your project needs. Often, repositories include a file, a file
with information about your project. GitHub makes it easy to add one at the same time you create your
new repository. It also offers other common options such as a license file.README. Your repository can be
a place where you store ideas, resources, or even share and discuss things with others.hello-world (GitHub,
Inc, 2021).

1. In the upper-right corner of any page, use the drop-down menu, and select New repository.

2.
3. In the Repository name box, enter .hello-world 4. In the Description box, write a short description.
5. Select Add a README file.
6. Click Create repository.
Figure 17 Enter detail repository

Step 4: Download the GitHub Desktop tool via the following link:

• https://desktop.github.com/ and select the operating system you are using. After downloading, open it and
install it according to the instructions.
 Figure 18 Download GitHub Desktop

• Step 5: Create a repository and choose the path for the directory, the path containing the sour code.
 Figure 19 Add local repository on GitHub Desktop
• Step 6: Commit code and fill in the status and description and press Commit. After the commit is complete,
we can press Ctrl + P or push button to push the source code folder to the GitHub system.
At this point, putting the source on GitHub has been completed.
 Figure 20 Source code Commit and Push to GitHub

State 2: Connecting the Heroku app to the directory containing the app source on GitHub.

• Step 1: After connecting and giving Heroku permission to access GitHub as part 1.3 in this report. We'll find
the GitHub repo we just pushed to GitHub in state 1 and click Connect with them. See figure 21 x for more
details
 Figure 21 Connect application Heroku with repository GitHub

• Step 2: We started the development of bringing the application to Heroku through the repo source code that
has been pushed to GitHub. Detail as figure 22.
 Figure 22 Deploys application
• State 3: Connect and config database
• First, if we want to connect to the database, we need a tool to connect. I would choose HeidiSQL as
my database setup tool because HeidiSQL is free software and has the aim to be easy to learn. "Heidi" lets
you see and edit data and structures from computers running one of the database systems MariaDB,
MySQL, Microsoft SQL, PostgreSQL, and SQLite. Invented in 2002 by Ansgar, HeidiSQL belongs to the most
popular tools for MariaDB and MySQL worldwide (Ansgar Becker, 2002).
• Step 1: Visit https://www.heidisql.com/download.php to download this tool and then open it and
install it according to the instructions of the publisher (Figure 23).

Figure 23 Download HeidiSQL

• Step 2: Get database server configuration information from Add-ons on Heroku. As shown in Figure
24 we have database server information such as Host IP Address, Username, Password, Database name,
Port. Please keep this information in mind and do not expose it to the public, because it is dangerous for
others to gain unauthorized access to this database.
 Figure 24 Collecting MySQL database information

Step 3 – Configure HeidiSQL client

Open the database client and click the New button to create a new entry.

Then you will need to name the entry and fill in the MySQL database information.

Make sure you have filled out the following fields:

• Network Type – set to MariaDB or MySQL (TCP/IP).

• Hostname / IP – enter the host IP address in step 2.
• User – Fill in the MySQL database information in step 2.
• Password – Enter the user password.
• Port – The default MySQL port for local and remote connections is 3306.
• Databases – Enter the MySQL database name found in step 2.

Figure 25 Enter database server information

When done, press the Open button and you will be in the database right away.

Figure 26 Overview data base

Step 4: - Pour data into the database using the existing SQL file of the ATN system.

First click File on the toolbar then select Run SQL file... -> Then select the path for the available database file and
click Open. The last step is to press Run, the HeidiSQL tool will automatically do the rest, please wait a few
minutes.
 Figure 27 Insert data using an existing SQL file

Step 5: - Create file connect to the database

At the top of the code, we see that there are variables declared and the values assigned to them. Normally, we
need four variables to establish database connection in php code: $DB_NAME, $DB_HOST, $DB_USER and
$DB_PASS. In this code we have set correct database information for these variables, when creating PDO object
for database connection you will see the code ‘try…catch…’. This means that this script will try to connect to
MySQL. If there is a problem, the code in the 'catch' section will run. You can use a catch block to display an error
code or run other code if the attempt fails.
However, if the PHP to MySQL connection attempt fails, the catch code will display a simple connection error
and stop the script. This database server information is obtained in the above step

Figure 28 File config connect to MySQL server database

State 4: Check the application

Visit: atnstores.herokuapp.com

Step 1: See if the application is running or not by clicking the View Button Figure 29.
 Figure 29 Overview website after deploys

Step 2: - Check that the data is working properly by many ways like Login in user, admin, add, remove, edit
product or customers, …

• Login
 Figure 30 Login customer interface
• This is a login with a login form in the form of a hidden form that appears when the user presses the
SIGN IN button this form will appear. This login form contains two fields username and password field
which helps the user to login.

• Account setting
 Figure 31 Account setting interface

This is a form to edit user information, it only works after the user logs into the system and has the function to
edit information such as First name, Last name, Password and Address. In addition, it is not possible to change
the username as email because it is unique.

• View product
 Figure 32 View product interface

After logging in, users can switch to the Shop Now tab, which is located on the left side of the toolbar. After the
tab is turned on, all products will be displayed, the user can choose to add the product to the cart.

• Add to card
 Figure 33 Order detail interface

After the user presses the Add to card button, the order detail tab will display this product detail. Users can see
the price, product name and detailed product images and can freely choose the quantity they want to buy. Then
press the OK button to add the product to the cart.

• View card
 Figure 34 Card list interface

After adding products to the cart, users can switch to the Shopping card list tab to view the details of the
products they have added to the cart. Here all information such as product name, quantity, and price of each
product as well as the total price will be displayed, the user can remove the product from the cart or confirm to
order the product now.

• View ordered detail

 Figure 35 Ordered detail interface

After placing an order, users can use the My Ordered Items tab to review all products with product information
as well as the detailed product's payment.

• Sign up
 Figure 36 Sign up form interface

If the user does not have an account, the website also has a registration function to create a new account.
However, the user must enter all valid and complete information in the registration form to be able to create an
account successfully.

• Admin login
 Figure 37 Admin login form interface

In addition, the admin can log in to the management system by logging in through the admin-specific login form
with a special account. After login admin has the right to access, edit or delete components such as user,
product, as well as view all available reports, ...
 • Add product

Figure 38 Form upload items interface

Once logged in, the administrator can add new products to the system using the Upload Item tab on the left side
of the toolbar. The upload items form will appear when the admin needs to enter the product information you
want to add such as the product name, the number of products, the store that has that product, the price of that
product as well as the image of the product to be able to upload. products on the homepage. Administrators
need to enter full information to be able to add new products.

• Product management
 Figure 39 Items management interface

In this tab, the system administrator can view all the products of his store, as well as can choose options such as
editing a product as well as removing it from the system.

• Customer management
 Figure 40 Customer management interface

In this tab, there are basic features for administrators to manage user accounts such as displaying user
information, deleting users, viewing their order history through function buttons as shown in the figure below
like resetting their order.

• Confirm bill order

 Figure 41 Customer order detail interface
• When there is a new order, the administrator can see what items his customer ordered, as well as
details of each product such as quantity, product price and finally the total value of that order. The
administrator can then click Finished after the order has been completed.

• View all order detail report

 Figure 42 Report total order detail

The system administrator can view all order report information, each order will have all information such as the
name of the person who ordered, the date they ordered, the quantity of the product and the product name they
ordered. In addition, the administrator can also search for the exact order by entering the search bar with
keywords such as the name of the date ordered, the name of the customer who ordered, the name of the
product, the total amount of the correct order to check the report.
2. Implement a cloud platform using open-source tools (P6).

As in the previous report I will use Approach 1: PHP + Heroku + MySQL

In this approach I will clarify the tools that support me in the process of bringing the ATN system to the cloud
platform.
Regarding the code website application, we will use Visual Studio Code, and the project storage system we will
use GitHub as the system repository the entire project source code will be stored on. Next, we will use HeidiSQL
it is a great open-source database management tool. And the next cloud platform I'm going to use is Heroku.
We'll get into the details of the tools I'll be using.

2.1 Visual Studio Code

As a free code editor for Windows, Linux and macOS, Visual Studio Code is developed by Microsoft. It is
considered a perfect combination of IDE and Code Editor.

Visual Studio Code supports debugging, comes with Git, has syntax highlighting, smart code completion,
snippets, and code enhancements. Thanks to the customization feature, Visual Studio Code also allows users to
change themes, keyboard shortcuts, and other options.

2.1.1 Some features of Visual Studio

• Supports multiple programming languages
Visual Studio Code supports many programming languages such as C/C++, C#, F#, Visual Basic, HTML, CSS,
JavaScript, etc. So, it easily detects and gives notification if the program has errors.

• Cross-platform support
 Common coders are only used either for Windows or Linux or Mac Systems. But Visual Studio Code can
work well on all three platforms above.

• Provide a repository of extensions

In case a programmer wants to use a programming language that is not among the languages Visual Studio
supports, they can download the extension. This still won't degrade the software's performance because
the extension works as a standalone program.

• Safe storage
With the growth of programming comes the need for secure storage. With Visual Studio Code, users can
have complete peace of mind as it easily connects to Git or any existing repositories.

• Web Support
Visual Studio Code supports many web applications. In addition, it also has an editor and website designer.

• Hierarchical data storage

Most code archive files are located in similar folders. In addition, Visual Studio Code provides folders for
some particularly important files.
• Code writing support

Some of the code can be changed slightly for the convenience of users. Visual Studio Code will suggest to
the developer alternative options if available.

• Terminal support
 Visual Studio Code has terminal integration, which saves users from having to switch between two screens
or return to the original directory when performing operations.

• Multitasking screen
Visual Studio Code users can open multiple files and folders at the same time – even though they are not
related to each other.

• Git support
Visual Studio Code supports pulling or copying code directly from GitHub. This code can then be changed
and saved on the software.

• Comment
Leaving comments makes it easy for users to remember what needs to be done.

2.2 GitHub
GitHub is a well-known service that provides Git source code repositories for software projects. GitHub has all
the features of Git, in addition, it also adds social features for developers to interact with each other (TopDev,
2020).

Some information about GIT:

• Is a tool to help manage source code organized in the form of distributed data.
• Help synchronize the team's source code to 1 server.
 • Support operations to check source code during work (diff, check modifications, show history, merge source,
...)

GitHub has 2 versions: free and paid. The paid version is often used by businesses to increase team management
as well as decentralize project security. For the rest, most of us use GitHub with a free account to host source
code. 2.2.1 Some features of GitHub
GitHub is considered as the largest and easiest to use social network for developers with core features such as:

1. Wiki, issue, statistics, rename project, project is placed in the namespace as user.

2. Watch project: track the activities of other people's projects. See how people develop software, how
projects develop.
3. Follow user: follow other people's activities.

There are 2 GitHub approaches: Create your own project. Contribute to an existing project: fork someone else's
existing project, modify it, then ask them to update their edit (create a pull request).

2.2.3 Some Git concepts you need to know

• git: is the prefix of the commands used under the CLI
• branch: understood as a branch, showing the division of versions when the two versions have certain
differences, and the two versions are different.

• commit: is a point on the work tree (Work Tree) or work development tree
• push: update remote branch with local commits. This is one of four commands in Git that prompts to interact
with the remote repository. You can also consider updating or publishing.
 • clone: called cloning or performing cloning. Used to clone projects and repositories on systems running on
git, for example: bitbucket, GitHub, GitLab, (an open-source product that allows users to create their own
git server on VPS, server), … This clone will copy the repository at the commit you want, used to continue
developing. This will download all the source code and data to your computer.

• folk: Folk is an operation that copies another owner's repository to his git account. use and treat like a
repository created by me.

• repository: A data management repository, where the project's data and source code are stored.
• tag: used to mark a commit when you have so many commits that you can't control it.
• remote: used to control branches from a repository on git server, treat branches on remote the same way
as branches on local

• diff: Compare the difference between the current version and the version you want to compare, it will show
the differences

• .gitignore: git's default file used to remove (ignore) folders and files that I don't want to push to git
server

2.3 HeidiSQL
HeidiSQL is free software and has the aim to be easy to learn. "Heidi" lets you see and edit data and structures
from computers running one of the database systems MariaDB, MySQL, Microsoft SQL, PostgreSQL, and SQLite.
Invented in 2002 by Ansgar, HeidiSQL belongs to the most popular tools for MariaDB and MySQL worldwide
(Ansgar Becker, 2002).
2.3.1 Some outstanding features of HeidiSQL
• Free for everyone, Open Source
• Connect to multiple servers in one window
• Supported database systems: MariaDB, MySQL, MS SQL, PostgreSQL, and SQLite
• Connect to servers via command line
• Connect via SSH tunnel, or pass SSL settings
• Create and edit tables, views, stored routines, triggers, and scheduled events.
• Generate nice SQL-exports, compress these afterwards, or put them on the clipboard.
• Export from one server/database directly to another server/database
• Manage user-privileges
• Import text-files
• Export table rows as CSV, HTML, XML, SQL, LaTeX, Wiki Markup and PHP Array
• Browse and edit table-data using a comfortable grid
• Bulk edit tables (move to db, change engine, collation etc.)
• Batch-insert ascii or binary files into tables
• Write queries with customizable syntax-highlighting and code-completion
• Pretty reformat disordered SQL
• Monitor and kill client-processes
• Find specific text in all tables of all databases of one server
• Optimize and repair tables in a batch manner
• Launch a parallel mysql.exe command line window using your current connection settings
2.4 Heroku
Heroku is a cloud platform as a service (PaaS) that lets companies build, deliver, monitor, and scale apps. Heroku
bypasses infrastructure headaches (Heroku.com, 2021). It enables companies and individuals to create, manage,
and deploy modern applications. Heroku's mission is to shorten and simplify the processes that customers must
go through to get their apps to market. There is no need for additional code, no need to install the server, and no
need to monitor the webserver; customers simply upload the application and proceed to deploy it. Heroku
automates most of the processes required to bring a piece of software to life. The customer's job is simply to
deploy the software and continue to expand and
improve it.

2.4.1 Some outstanding features Heroku

• Support for modern open-source languages

Run multiple languages, like Node, Ruby, Java, Clojure, Scala, Go, Python, and PHP, all from the same
platform - using technologies that fit your application needs.

• Smart carrying case, elastic runtime

Your application runs in dynos, a smart container that is part of an elastic runtime platform that provides
orchestration, load balancing, security, logging, and more.

• Simple horizontal and vertical scalability

Heroku Enterprise runs some of the highest-traffic and most demanding applications in the world. Easily
extend apps in one click with no downtime.

• Trusted App Operation

 Heroku's global security and operations team is on duty 24/7/365, freeing development teams to focus on
creating more engaging user experiences.

• Built for continuous integration and delivery

Deploy from Git, GitHub, or Docker, or use the API. Plug in the most popular CI servers and systems for
automated and consistent application delivery.

• Leading Platform Tools and Services Ecosystem

Compose apps with Add-ons, customize language stacks with Build Packs, and kickstart projects with
Button, all from the Heroku Elements marketplace.
3. The most common problems which arise in a Cloud Computing platform (P7).

Cloud computing, which some have referred to be a new technology, has aided many businesses in their
operations. Although we cannot dispute the advantages that cloud computing provides to businesses, there are
still certain issues that arise when employing cloud computing. Cloud network traffic will be detrimental to cloud
performance. The machines will be irresponsible if cloud capacity is more than 80% full. There's a danger that
servers and computers will crash. This will result in the loss of valuable data such as customer information, sales
reports, and so on. Cloud attacks are also a significant problem in cloud
computing.

Users can utilize cloud computing to host their web services like web hosting and cloud storage. This has
attracted hackers who want to steal business data like daily sales, profit reports, and financial records, among
other things. Malware injection attacks, wrapping attacks, SQL injection attacks, authentication assaults, and
Denial of Service attacks are some of the most common types of cloud attacks.

Organizational, technological, data security and privacy, physical security, and compliance are the most common
issues that arise with cloud computing systems. The risk categories and subcategories are shown in the diagram
below. In the following part, I go over these categories from the standpoint of both cloud providers and
customers.
 Figure 43 Cloud Security Risk Categories and sub-Categories

3.1 Problems from Cloud Provider Perspective

3.1.1 Data security, Privacy and Control Risks

Data encryption mitigates data security and privacy concerns, and it is the Cloud Service Provider's (CSP)job to
manage these rudimentary threats. The storage provider should provide encryption schema and regular data
backups to assure data integrity, secrecy, and availability. CSP is responsible for implementing additional data
security measures. Strong encryption mechanisms for data protection and fine-grained permission to manage
user access to data are part of these security measures.
Identity and Access Management (IAM)

IAM enhances operational efficiency, regulatory compliance, and automated provisioning, authentication, and
authorization services by controlling critical security problems. Solves this problem by implementing single sign-
on, federated identity, access control lists, directory-based services, and attribute-based access. The CSP should
provide a rigorous access control mechanism to prevent unwanted access. Administrative access in cloud
computing is done over the internet, which increases the danger of illegal access to data and resources.

Multi-tenancy

Multi-tenancy is an important feature of cloud computing because it allows for more effective resource
provisioning by maximizing the utilization of underlying hardware resources.

One of the major difficulties for the public cloud is multi-tenancy security and privacy. Because data from several
tenants is likely to be kept in the same database in multi-tenancy, there is a high danger of data leakage
between these tenants. Data is stored in a shared environment with that of other customers, putting CSP at
danger of multitenancy.

Data availability and backup

Because the data is housed remotely in the cloud, it is challenging for CSP to provide proper availability and
backup of the data. As a result, not only is it difficult to back up data, but also to recover data in the event of a
failure.
3.1.2 Organizational risks

Organizational risks are defined as those that have the potential to affect the structure of the organization or the
firm as a whole.

Management of organizational change

Change resistance as a result of organizational politics, as well as changes in how people work, is a major
organizational risk. Use organizational change management intelligence to mitigate this and involve key
stakeholders in the adoption process.

Organizing resources
The loss of control over resources poses a risk to resource planning, resulting in confusing roles and )
responsibilities. To avoid this, it's critical to define roles and responsibilities before moving to the cloud.

Organizational security management

To ensure the deployment and adoption of safe clouds, existing security models must be reevaluated, and new
security standards must be developed.

3.1.3 Technical risks

Technical risks include failures relating to CSP's technology and services, such as resource sharing isolation issues
and malicious CSP hazards connected to portability and interoperability. Poor, unresponsive hardware
maintenance systems, low availability, and hardware failure are among technical concerns linked with hardware.

Portability in the Cloud

Incompatibilities across CSP platforms prevent cloud interoperability. For cloud interoperability, the approach is
to employ cloud middleware.

Application Development

Risk of service interruption on the provider's end results in widespread outages, service unavailability, or data
loss.

Lack of Interoperability Standards

Interoperability standards are lacking in cloud computing. Because there is no standard for communication and
data export between and within CSP, establishing proper security frameworks is problematic.

3.1.4 Compliance and Audit

Lack of jurisdiction information, changes in jurisdiction, contract stipulations that are illegal, and a continuing
legal battle are all risks. Both the CSP and the customer are responsible for adhering to the contract's rules and
regulations, as well as auditing SLAs on a regular basis.

3.1.5 Physical Security

Data Location and Data Center

To provide a secure physical location for clients' data, CSP should ensure that the cloud data center is
operationally secure. The infrastructure, which includes servers, networks, and storage devices, is managed by
CSP. Staff training, physical site security, and network firewalls are all examples of infrastructure measures that
CSP should build and maintain. Physical access control must be strong because attackers can take complete
servers even if they are secured by firewalls and encryption if physical access control is poor. The cloud provider
is not only responsible for storing and processing data in certain jurisdictions, but also for adhering to those
governments' privacy standards.

3.2 Risks from Cloud Customer Perspective

3.2.1 Data security, Privacy and Control risks

• User Access
All software security safeguards are managed entirely at the customer's expense. These include application
access control, identity access management (IAM), software patching, and virus prevention. One of the dangers
is how a client will deal with the CSP's privileged status and security issues including fault removal, data damage,
and data migration.

• Data Privacy and Security

It is critical for end-users to understand the privacy and security of their data while dealing with CSP in order to
ensure that data privacy is not jeopardized. Customers, however, are ultimately responsible for the security and
integrity of their own data, even if it is stored on the provider's premises. Users of cloud services will face major
problems if their encryption key or privileged access code is lost.

• Data Segregation
It is the obligation of the cloud customer to learn about the mechanisms used by the provider to separate data
and to guarantee that encryption algorithms are implemented and are secure enough.

• Data Availability
When client data is posted to the cloud, the client no longer has access to that data. Customers' personal data
and information stored in the cloud is either lost or difficult to recover.

• Secure Data Deletion

Data deletion that is appropriate, error-free, and timely may be difficult and undesired. When data is no longer
needed, it is expected to be totally deleted. However, because to the physical properties of the storage medium,
the deleted data may still exist and be restored. This could put the customer's sensitive information at risk.

3.2.2 Technical risks

• Infrastructure capabilities
Because of the server's workload and the network's unpredictable nature, it's tough to show CSP that their cloud
performance isn't meeting their agreed-upon SLA. The solution is to thoroughly investigate the cloud's
performance before using it. Another option for verifying system performance is to employ thirdparty
monitoring software.
• Application development
The goal is to allow developers to build applications on top of the given flatform. As a result, it is primarily the
responsibility of the customers to protect their developed applications and the flatform. At the same time, the
providers are in charge of isolating the applications and development environments of their customers.

3.2.3 Compliance and Audit

• Disaster recovery
Cloud Customers should be aware of what will happen to their data in the event of a disaster. As a result, it is the
customer's primary security obligation to inquire about the provider's ability to fully recover your data and how
long it will take.

3.2.4 Physical Security

• Data Location
The CSP stores the data redundantly in different physical locations and does not expose the location information
to the consumer. On the customer side, determining whether suitable security measures are in place to protect
customers' data is tough. A cloud computing environment's downtime, or the time when the CSP computers are
not functioning properly, is unavoidable for the customer. Customers' faith in the company is severely shaken as
a result of this event.

3.3 Solution
We recommend various security measures in the table below that can help mitigate the detected risks to some
extent.
Table 3 Solution risk

Problems Solutions

Data Security and Ensure that client data is available CSP has implemented specific security
Privacy in the cloud. precautions to prevent disruptions and
assaults.

Risks associated with data privacy • To mitigate these concerns, APIs

and security are being used to construct a
comprehensive access control
system, with data transmission
being encrypted.
 HIPPA and FISMA are examples of
these rules.

Disaster Recovery and Business To avoid vulnerabilities in the event of

Continuity a significant failure, recommends
duplicating data across various
infrastructures.

4.Assess the most common security issues in cloud environments(P8)

The most significant impediment to companies adopting cloud computing is security. Because cloud computing
covers a wide range of technologies, including networks, databases, operating systems, virtualization, resource
scheduling, transaction management, load balancing, concurrency control, and memory management, there are
several security concerns.

Many of these systems and technologies have security vulnerabilities, and cloud computing is no exception. The
network that connects the systems in a cloud, for example, must be secure. Furthermore, the cloud computing
virtualization paradigm raises various security risks. The mapping of virtual machines to physical computers, for
example, must be done safely. Encrypting data and ensuring that suitable data sharing regulations are enforced
are both part of data security.

Security Issues faced by Cloud computing:

4.1 Data security
There is a risk of data misuse when numerous organizations share resources. To avoid risk, data repositories, as
well as data that is stored, transported, or processed, must be secured. Data security is one of the most pressing
concerns in cloud computing. It is critical to offer authentication, authorization, and access control for data
stored in the cloud to improve cloud computing security. The following are the three primary areas of data
security (Colin Ting Si Xue, 2016):

• Confidentiality: - The top vulnerabilities should be examined to ensure that data is safe from assaults. As a
result, security tests such as Cross-site Scripting and Access Control Mechanisms must be performed to
protect data from malicious users.
• Integrity: Thin clients are used to provide security to client data when only a few resources are
available. To ensure data integrity, users should not keep personal information such as passwords.
• Availability: The purpose of cloud computing system availability (including apps and infrastructures) is to
ensure that users can access them at any time and from any location.

The number of people and businesses who utilize the Internet is growing. This also raises the risk of viruses,
worms, and cyber-terrorists probing and attacking. One of the service providers, Google Inc., experienced a
security breach in which their systems were compromised. The percentage of significant concerns issues in cloud
computing is depicted in the graph below (Colin Ting Si Xue, 2016).
 Figure 44 Cloud Computing Adoption Issues

Networks, operating systems, databases, transaction management, and other security issues are all part of the
problem. In cloud computing, data theft has become a big problem. Some service providers do not have their
own server; instead, they purchase services from other providers since it is more cost-effective and adaptable.
Data theft from external servers is more likely as a result of this. One of the companies, Zappos, was a victim of
cybercrime. Around 24 million of their members' account details, including personal information, credit card
information, and encrypted passwords, have been taken (Colin Ting Si Xue, 2016).

Solution:

 Encryption is recommended as a better way to secure data. It is preferable to encrypt data before storing it
on a cloud server. To strengthen data security in the cloud, a data security model that includes
authentication, data encryption and integrity, data recovery, and user protection must be created. Data
protection can be used as a service to secure privacy and data security.
  Before uploading data to the cloud, users should double-check that the data is saved on backup disks
and that the keywords in the files have not changed. Before uploading to cloud servers, calculate the hash
of the file to ensure that the data is not tampered with. This hash calculation
can be used to ensure data integrity, however maintaining it is quite complex.
 Combining identity-based cryptography and RSA Signature can give an RSA-based data integrity check.
 Credential or attributed-based policies are superior for identifying unauthorized users.

 The RSA-based storage security method can be used to compute huge files of various sizes and to address
distant data security.

4.2 Malware Injection Attack

Hackers will attempt to compromise cloud-based programs and websites. Typically, hackers will discover a web
application's or website's vulnerabilities and make changes to it, causing the application or website's normal
operation to be disrupted. SQL injection is the most common sort of malware insertion among the other
varieties. SQL injection is a technique for altering the query structure. To get an advantage, the hackers will
utilize erroneous data validation. SQL servers or databases are usually the targets of their attacks. Furthermore,
hackers will attempt to introduce malicious code, particularly into the web server, in order to circumvent the
login stage and gain access to the database. They'll try to change database data, retrieve data from companies,
and even take over the entire web server. Hackers will utilize JavaScript, HTML, VBScript, ActiveX, and Flash,
among other tactics and harmful programs.

Solution:
 ❖ Users' requests in cloud computing are processed based on authorization and authentication, which takes
place between web servers and web browsers. Hackers will attempt to implant malicious code into the
cloud. To avoid this, cloud service providers must save information about the users' operating systems (OS)
during the initial registration process. Cross-checking will be done before launching an instance on the
cloud because cloud computing is a fully independent OS platform. This is done to see if the OS
information saved in the cloud matches the instance being requested.

4.3 Authentication Attack

In a cloud context, an authentication attack is also a sort of attack. Hackers attempt to gain access to the user's
credentials and private information during the authentication process. If they succeed, the hackers will have
access to users' personal information, sensitive information held by organizations, and so on.

Solution: Authentication is always a vulnerability, especially in the cloud. For both sides, one solution is to use
Key Management. The access time should be recorded in the server logs. Furthermore, after a number of failed
login attempts, the account should be automatically locked.

4.4 Cross-Site Scripting (XSS) and Cross-site request forgery (XSRF) attack
XSS (Cross-Site Scripting) assault This XSS attack occurs when an application sends untrusted data to a web
browser without performing sufficient validation. This enables the attacker to run scripts in the victim's browser,
which can be used to hijack user sessions, deface websites, or redirect users to malicious websites.
An attacker takes advantage of the trust built between a website's authorized user and the website itself in this
XSRF attack.

Solution to avoid XSS and XSRF attacks:

 Ensure that form fields are not formatted using Hyper Text Markup Language (HTML).
  Validate all fields, strings, variables, and cookies for accuracy.
 Don't save unneeded data in cookies, and if you must, set the cookie expiry time to a short period of time.
 All data communications between clients and servers should be encrypted. ❖ When authenticating on
websites, do not select the Remember Me option.

4.5 Broken access control

This vulnerability arises when restrictions on what authenticated users are allowed to do are not enforced.
Attackers can get access to another user's accounts, read sensitive files, modify another user's data, change
access rights, and more by exploiting this flaw.

Solutions to avoid broken access control:

 Check Access — Every direct reference from an untrusted source should be verified for access control to
ensure that the user has permission to access the requested resource.
 Indirect object references per user or session — This solution employs a coding pattern that prohibits
attackers from directly targeting illegal resources.
 Automated verification — Automate the verification process to ensure correct authentication
implementation.
Conclusion

Following the report, I clarified the issues:

 A demonstration of how to use open-source tools to configure and install the cloud computing platform.
 An examination of the most frequent cloud computing platform issues.
 Solutions to these issues that have been proposed.
 The most frequent security issues in the cloud environment are examined. ❖ Discussion about how to deal
with these problems.
 References

Available at: https://aws.amazon.com/vi/what-is-cloud-computing/

[Accessed June 18, 2021]

1. Cloud Computing

Available at: https://www.ibm.com/cloud/learn/cloud-computing

[Accessed June 18, 2021]

2. Cloud Deployment Models – Which One is Right for Your Organization

Available at: https://www.rishabhsoft.com/blog/basics-of-cloud-computing-deployment-and-service-models

[Accessed June 18, 2021]

3. Cloud Computing Deployment Models: Technical know how.

Available at: https://manrai-tarun.medium.com/cloud-computing-deployment-models-technical-know-how-33a3ad30cb66

[Accessed June 18, 2021]

4. Cloud Deployment Model

Available at: https://www.sciencedirect.com/topics/computer-science/cloud-deployment-model

[Accessed June 18, 2021]

5. 4 Best Cloud Deployment Models Overview

Available at: https://www.sam-solutions.com/blog/four-best-cloud-deployment-models-you-need-to-know/

[Accessed June 18, 2021]

 6. 5 Cloud Deployment Models: Learn the Differences

Available at: https://phoenixnap.com/blog/cloud-deployment-models

[Accessed June 18, 2021]

7. The three service models of Cloud Computing

Available at: https://www.openintl.com/the-three-service-models-of-cloud-computing/

[Accessed June 18, 2021]

8. Cloud Service Models

Available at: https://www.javatpoint.com/cloud-service-models

[Accessed June 18, 2021]

9. Service models in Cloud Computing

Available at: https://www.tutorialride.com/cloud-computing/service-models-in-cloud-computing.htm

[Accessed June 18, 2021]