Cloud penetration testing is designed to assess the strengths and weaknesses of a cloud system to improve its overall security posture. Cloud penetration testing helps to:
AIIT can perform few different types of Cloud penetration tests
External Infrastructure or Blackbox Cloud Penetration Test
The testing attacks the cloud environment from the Internet, emulating an anonymous. We will need cloud asset inventory and no specifical access to the cloud environment. Examples of security issues identified – exposed database, misconfigurations, or software with known vulnerabilities.
Internal and Config Review or Graybox Cloud Penetration Test
Assess the cloud environment from within the context of an internally authenticated user. The assessment will review cloud configuration to perform gap analysis against security best practices and attempt to escalate privileges and gain access to other backbone infrastructure. We will require authenticated access to the cloud environment and privileged read only access to review configuration
Web Applications hosted on Cloud
The testing will focus on web applications that are hosted on AWS/Azure that use an array of services like EC2, RDS, S3, Lambda, etc. This assessment will largely resemble a traditional application pentest, but requires special consideration for specific AWS/Azure services used within your stack
Biggest Cloud Security Threats
