Despite the belief that cloud-based systems are immediately “more secure” than their traditional counterparts, the truth is that cloud computing can actually make applications less secure. Applications running in the cloud are still vulnerable to many of the issues organizations have struggled to address in traditional applications. Insecure applications that run in the cloud are identical to insecure applications that run on standalone, dedicated servers. Issues such as buffer overflows, SQL injection, cross-site scripting (XSS), command injection, and other common application-level vulnerabilities do not magically disappear because your organization has migrated its applications to the cloud. In addition to the known vulnerability classes, applications running in the cloud also bring up a new set of security concerns. Due to the novelty of cloud computing, some of the anticipated threats have been theorized, studied, and accepted as potential avenues of attack for cloud applications. In addition to those vulnerable classes that are proposed, there will be many new threats that no one will have anticipated and that your organization will have to deal with and harden its applications against. The following sections describe some of the attack classes against cloud applications.