The decision to use either Cloud Computing (CC) applications or Traditional Information Technology Outsourcing (Traditional ITO) environments is a function of the security evaluations of these two options. Hackers are constantly nosing around websites and other computer networks for compromised computers that have some vulnerabilities to exploit them. Vulnerabilities in cloud computing and Traditional ITO environments are leading causes of recent data breaches. These breaches provide opportunities to hackers to attack and gain access to customer information such as credit cards and contact information, passwords, sending of malicious codes to website users or making users computer potential candidates of botnets and to hijack the sessions of authentic users to make unapproved purchases on their behalf. In this paper, security penetration tools have been employed to evaluate the security vulnerabilities of cloud-based solutions and Traditional ITO to discover possible vulnerabilities, their causes and mitigation strategies to securing web applications from the discovered vulnerabilities. Some web applications and a Traditional ITO network were ethically hacked to discover vulnerabilities in them. Analyses of the results obtained through the ZAP scan flagged Remote File Inclusion (RFI) alert were high priority alert. In all, RFI constitutes the most serious potential threat and it needs the fullest attention of CC service providers. Nmap disclosed opened ports in Traditional ITO Virtual Private Network which can make the server of the provider accessible to hackers leading to a considerable disclosure of information to unauthorized users.