METHODOLOGY FOR STUDYING THE SECURITY STATUS OF CLOUD TECHNOLOGIES USING OSINT TOOLS
DOI: 10.31673/2409-7292.2025.026087
DOI:
https://doi.org/10.31673/2409-7292.2025.026087Abstract
The article examines the current problem of ensuring cybersecurity of cloud storage in the context of rapid digital
transformation and the growing dependence of organizations on cloud technologies. The authors propose a systematic
methodology for assessing the security status of cloud environments using open-source intelligence (OSINT) tools, which allows
identifying potential vulnerabilities without direct interaction with the research object. The developed methodology covers the
full cycle of OSINT research: from goal setting and selection of relevant tools to data collection, analysis, and documentation.
Particular attention is paid to threats specific to cloud storage, such as misconfigurations, account compromise, unprotected
APIs, data leaks, and insider risks. Examples of OSINT tools and techniques for identifying these threats are presented (Shodan,
Censys, Google Dorks, Have I Been Pwned, etc.). The article also emphasizes the importance of an ethical approach to research,
emphasizing the need to comply with the law when collecting information from open sources. The advantages of OSINT as a
tool for safe, cost-effective and operational assessment of the level of security of cloud infrastructure are separately considered.
The proposed methodology is a valuable practical tool for cybersecurity professionals, auditors and researchers, allowing for
effective detection of vulnerabilities in
Keywords: cybersecurity, cloud storage, OSINT, open-source intelligence, data security, vulnerabilities, risk analysis.
References
1. Таксін О. П., Корнійчук О. М. Безпека хмарних обчислень: актуальні загрози та методи захисту //
Інформаційні технології та комп'ютерна інженерія. 2020. № 1. С. 55-62.
2. Subashini S., Kavitha V. A survey on security issues in cloud computing // Journal of Network and Computer
Applications. 2011. Vol. 34, No. 1. P. 1-11., Режим доступу: https://doi.org/10.1016/j.jnca.2010.07.006
3. Ничик В. М., Романов В. В., Терещенко Т. О. Розвідка на основі відкритих джерел: концептуальні засади
та інструментарій // Інформаційна безпека. 2019. № 1. С. 15-22.
4. Bremmer J. N. Open source intelligence techniques: Resources for searching and analyzing online information.
Lulu.com, 2010.
5. Shutenko V., Teres K. Must-Know Cloud Security Statistics for 2025 Режим доступу: https://www.
techmagic.co/blog/cloud-security-statistics
6. Zissis D., Lekkas D. Addressing cloud computing security issues // Future Generation Computer Systems. 2012.
Vol. 28, No. 3. P. 583-592, Режим доступу: https://doi.org/10.1016/j.future.2010.12.006
7. Ранич В. М., Ковальчук С. В. Аналіз вразливостей хмарних сервісів зберігання даних // Захист
інформації. 2018. № 2. С. 45-51.
8. Lande D., Shnurko-Tabakova E. OSINT as a part of cyber defense system. Theoretical and Applied
Cybersecurity. 2019. Vol. 1, no. 1. URL: https://doi.org/10.20535/tacs.2664-29132019.1.169091
9. CloudSafe: A Tool for an Automated Security Analysis for Cloud Computing / S. An et al. 2019 18th IEEE
International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International
Conference On Big Data Science And Engineering (TrustCom/BigDataSE), Rotorua, New Zealand, 5–8 August 2019.
2019. URL: https://doi.org/10.1109/trustcom/bigdatase.2019.00086
10. Cloud Property Graph: Connecting Cloud Security Assessments with Static Code Analysis / C. Banse et
al. 2021 IEEE 14th International Conference on Cloud Computing (CLOUD), Chicago, IL, USA, 5–10 September 2021.
2021. URL: https://doi.org/10.1109/cloud53861.2021.00014
11. Mukhopadhyay A., Luther K. OSINT Clinic: Co-designing AI-Augmented Collaborative OSINT
Investigations for Vulnerability Assessment. CHI 2025: CHI Conference on Human Factors in Computing Systems,
Yokohama Japan. New York, NY, USA, 2025. P. 1–22. URL: https://doi.org/10.1145/3706598.3713283
