If you use Microsoft Azure, Amazon Web Services, Google Cloud, or other cloud services, you need cloud penetration testing. Learn about common cloud security gaps and the benefits of cloud penetration testing.
Cloud Infrastructure at Risk
- File Storage
- Web Server
- Serverless Computing
- Virtual Machines
- Networking Hardware
- Segmentation, DMZs
- Backup, Failover & Disaster Recovery
Common Cloud Security Gaps
- Example: Misconfigured AWS S3 bucket exposes sensitive data to the internet.
- Risk: Breach of customer data or acquisition of user credentials.
- Fix: Secure data storage accounts with stronger access policies.
Access Key Exposure
- Example: A developer embeds a Google Cloud key in code stored on GitHub.
- Risk: Access to the cloud account or data such as credentials. Opportunity to pivot from the cloud to an internal network.
- Fix: Limit credential exposure by using key vaulting solutions.
- Example: An Azure website developer also has access to a domain controller.
- Risk: Increased risk for accounts believed to be low risk.
- Fix: Limit excessive permissions granted to accounts.
Entry Point to Internal Network
- Example: A VPN can be used to access on-premises resources from the cloud environment.
- Risk: Pivot via a VPN tunnel to the corporate network from a compromised cloud host.
- Fix: Evaluate risks associated with your external presence.
Benefits of Cloud Penetration Testing
- Avoid Breaches
- Achieve Compliance
- Improve Security
What is Cloud Penetration Testing?
Network Penetration Testing
- Internal cloud networks
- Virtual machines hosted in the cloud
- External cloud services
- Confirmation of secure configurations
- User privileges
- Access control
- Hosted services