Cloud penetration testing is a form of security assessment conducted on an environment hosted by a cloud service provider such as Amazon Web Services (AWS) or Microsoft Azure.
Cloud penetration testing is designed to gauge the effectiveness of security controls and to identify, safely exploit and help remediate vulnerabilities before malicious adversaries can exploit them.
Visibility
Gain visibility and understand the impact of vulnerabilities in your cloud infrastructure.
Explore
Find business and logic flaws that other forms of testing can't find.
Protect
Ensure data and functionality are protected from unauthorised access and malicious use.
Secure
Protect yourself against leaking sensitive customer data.
Cloud Infrastructure At Risk
Common Cloud Security Gaps
01
Data Exposure
Example: Misconfigured AWS S3 bucket exposes sensitive data to the internet.
Risk: Breach of customer data or acquisition of user credentials.
Fix: Secure data storage accounts with stronger access policies.
02
Access Key Exposure
Example: A developer embeds a Google Cloud key in code stored on GitHub.
Risk: Access to the cloud account or data such as credentials. Opportunity to pivot from the cloud to an internal network.
Fix: Limit credential exposure by using key vaulting solutions.
03
Access Privileges
Example: An Azure website developer also has access to a domain controller.
Risk: Increased risk for accounts believed to be low risk.
Fix: Limit excessive permissions granted to accounts.
04
Entry Point to Internal Network
Example: A VPN can be used to access on-premises resources from the cloud environment.
Risk: Pivot via a VPN tunnel to the corporate network from a compromised cloud host.
Fix: Evaluate risks associated with your external presence.