Security Misconfigurations in Cloud-Native Web Applications

Ishva Jitendrakumar Kanani

Abstract: The rise of cloud - native architectures has enabled unprecedented scalability and agility in web application deployment. However, this shift has also increased the attack surface, particularly through configuration errors. Security misconfigurations such as publicly accessible storage buckets, exposed environment files, verbose error disclosures, and improperly scoped CORS policies pose a serious threat to application and data integrity. This paper investigates the role of misconfigurations in major cloud security incidents, including the 2019 Capital One breach, and presents a framework for detecting and mitigating such risks in modern deployments. Drawing on academic research, vendor documentation, and breach analyses, we propose best practices for integrating configuration security into the DevSecOps lifecycle.

Keywords: Cloud Security, Web Application Security, S3 Buckets, Environment File Leaks, Misconfigured CORS, CI/CD Security, DevSecOps, Cloud Posture Management, Policy - as - Code, Secrets Management

How to Cite?: Ishva Jitendrakumar Kanani, "Security Misconfigurations in Cloud-Native Web Applications", Volume 9 Issue 12, December 2020, International Journal of Science and Research (IJSR), Pages: 1935-1938, https://www.ijsr.net/getabstract.php?paperid=MS2012131513, DOI: https://dx.doi.org/10.21275/MS2012131513