Friday, October 7, 2011

Web Application Security: Business and Risk Considerations

ISACA has a White Paper on its website with the above title. The paper is an excellent resource for those interested in cloud risks and how to address them. That includes a lot of people!

One of the interesting parts of the paper is the table listing the various types of vulnerabilities encountered in the cloud. These include SQL injection, cross-site scripting and insecure direct object reference, among others. The paper goes on to list some areas of security to focus on, including some specific guidance on the old standbys of executive support, training and support.

The paper concludes with assurance considerations, including the use of COBIT to strengthen controls.

An excellent paper. You can download it through this link.

