Cloud Penetration Testing

What is Cloud Penetration Testing?

A penetration test (pen test), also known as ethical hacking, is a simulated cyber attack against a system that is hosted on a cloud provider, e.g. Amazon AWS, Google Cloud, Microsoft Azure or IBM Cloud. In other words, a penetration test is a process in which methodologies and techniques are used in an attempt to identify security weaknesses and flaws that could allow a malicious attacker to cause harm or gain unauthorized access to the resources located in the targeted system (such as databases, credit card information, sensitive personal data, etc.). Once the security flaws are identified, an analysis of the potential risks and vulnerability impact is provided alongside remediation measures.

Security testing will never be an exact science where a complete list of all possible issues that should be tested can be defined. Indeed, security testing is only an appropriate technique for testing the security of web applications under certain circumstances. Our penetration test team will push your system to its limits in a barrage of simulated cyber attacks, discovering every possible vulnerability so that your organization gets the complete picture and 100% of your data is safe.

Why is Cloud Penetration Testing Important?

The need for cloud penetration testing is mostly driven by the change in the security landscape. Cloud penetration tests provide increased technical assurance and a better understanding of the attack surface that your systems are exposed to. Cloud systems, whether they are infrastructure as a service (IaaS), platform as a service (PaaS), or software as a service (SaaS), are prone to security misconfigurations, weaknesses, and security threats just as traditional systems are.

Cloud security testing provides you with:

  • A better understanding of your cloud estate. What services do you have in the cloud? What systems do you expose to the public?
  • A detailed report on any common security misconfigurations along with our recommendations for how to secure your cloud configuration.

The increased assurance comes from the visibility you gain into the security weaknesses of your cloud estate. You will be able to verify what services and data are publicly accessible, what cloud security controls are in effect, and how effectively these are mitigating your security risk.

30000 +
Hours Security Experience

It takes 10 000 hours to become a world-class expert. This became possible because we adore our work.

120 +
Happy clients

We are a preferred provider of cyber security services and products. Strong cyber security is a revenue generator.

300 +
Penetration tests

We have found more than a thousand vulnerable web sites, applications and devices.

1000 +
Protected

More than a thousand protected websites, applications and devices from criminals and malicious software attacks.


What are the security issues in the cloud?

Although cloud providers offer increasingly robust security controls, you are ultimately responsible for securing your company’s workloads in the cloud. According to the 2019 Cloud Security Report, the top cloud security challenges highlighted are about data loss and data privacy. This is followed by compliance concerns, tied with concerns about accidental exposure of credentials.

Operational Security Headaches

  • 34% Compliance
  • 33% Lack of Visibility into infrastructure security
  • 31% Lack of qualified staff

Biggest Cloud Security Threats

  • Unauthorized Access
  • Insecure Interfaces/APIs
  • Misconfiguration of the cloud platform
  • Hijacking of accounts, services or traffic
  • External sharing of data
  • Malicious insiders
  • Malware/ransomware

What Is Our Testing Methodology?

Passive Testing

Passive testing is a penetration testing technique in which attackers extract information related to the target without interacting with it; no request is sent directly to the target. Generally, public resources are used to gather information. This information can also be useful in active testing.

Active Testing

During active testing, a tester begins to use the methodologies described in the following sections:

  1. Configuration and Deployment Management Testing
    • Test Network Infrastructure Configuration
    • Test Application Platform Configuration
    • File Extensions Handling for Sensitive Information
    • Review Old Backup and Unreferenced Files for Sensitive Information
    • Enumerate Infrastructure and Application Admin Interfaces
    • HTTP Methods
    • HTTP Strict Transport Security
    • RIA Cross Domain Policy
    • File Permission
    • Subdomain Takeover
    • Cloud Storage
    • Test for Content Security Policy
  2. Identity Management Testing
    • Role Definitions
    • User Registration Process
    • Account Provisioning Process
    • Testing for Account Enumeration and Guessable User Account
    • Testing for Weak or Unenforced Username Policy
  3. Authentication Testing
    • Testing for Credentials Transported over an Encrypted Channel
    • Default Credentials
    • Weak Lock Out Mechanism
    • Bypassing Authentication Schema
    • Vulnerable Remember Password
    • Browser Cache Weaknesses
    • Weak Password Policy
    • Weak Security Question Answer
    • Weak Password Change or Reset Functionalities
    • Weaker Authentication in Alternative Channel
  4. Authorization Testing
    • Directory Traversal File Include
    • Bypassing Authorization Schema
    • Privilege Escalation
    • Insecure Direct Object References
  5. Session Management Testing
    • Testing for Session Management Schema
    • Cookies Attributes
    • Session Fixation
    • Exposed Session Variables
    • Cross Site Request Forgery (CSRF)
    • Logout Functionality
    • Session Timeout
    • Session Puzzling
    • Session Hijacking
    • JSON Web Tokens
  6. Input Validation Testing
    • Testing for Reflected Cross Site Scripting (reflected XSS)
    • Stored Cross Site Scripting (Stored XSS)
    • HTTP Verb Tampering
    • HTTP Parameter Pollution
    • SQL Injection (Oracle, MySQL, SQL Server, PostgreSQL, MS Access, NoSQL Injection)
    • ORM Injection
    • Client-side
    • LDAP Injection
    • XML Injection
    • SSI Injection
    • XPath Injection
    • IMAP SMTP Injection
    • Code Injection
    • File Inclusion
    • Command Injection
    • Format String Injection
    • Incubated Vulnerability
    • HTTP Splitting Smuggling
    • HTTP Incoming Requests
    • Host Header Injection
    • Server-side Template Injection
    • Server-Side Request Forgery
    • Mass Assignment
  7. Testing for Error Handling
    • Improper Error Handling
    • Stack Traces
  8. Testing for Weak Cryptography
    • Weak Transport Layer Security
    • Padding Oracle
    • Sensitive Information Sent via Unencrypted Channels
    • Weak Encryption
  9. Business Logic Testing
    • Introduction to Business Logic
    • Business Logic Data Validation
    • Ability to Forge Requests
    • Integrity Checks
    • Process Timing
    • Number of Times a Function Can Be Used Limits
    • Circumvention of Work Flows
    • Defenses Against Application Misuse
    • Upload of Unexpected File Types
    • Upload of Malicious Files
  10. Client-side Testing
    • Testing for DOM-Based Cross Site Scripting
    • Self DOM Based Cross-Site Scripting
    • JavaScript Execution
    • HTML Injection
    • Client-side URL Redirect
    • CSS Injection
    • Client-side Resource Manipulation
    • Cross Origin Resource Sharing
    • Cross Site Flashing
    • Clickjacking
    • WebSockets
    • Web Messaging
    • Browser Storage
    • Cross Site Script Inclusion
  11. API Testing
    • Testing GraphQL
  12. Specific Network Testing
    • VLAN Hopping
    • Sniffing
    • IP Redirections
    • Session Hijacking
    • Session Replay
    • Operating System Network Attacks
    • Network Hash Passing
    • DNS Weaknesses
    • Various OS Weaknesses
    • Advanced Layer 2-7 Attacks
    • Protocol Fuzzing
    • Cryptographic Weaknesses
  13. Other Attack Vectors
    • Unauthorized Access
    • Insecure Interfaces/APIs
    • Misconfiguration of the cloud platform
    • Hijacking of accounts, services or traffic
    • External sharing of data
    • Malicious insiders
    • Malware/ransomware
    • Buffer Overflow
    • Zero-day
    • Phishing
    • Rootkits

Cloud Penetration Testing involves a mixture of external and internal penetration testing techniques to examine the external posture of the organisation. Examples of vulnerabilities determined by this type of active testing can include unprotected storage blobs and S3 buckets, servers with management ports open to the internet and poor egress controls.

Cloud Penetration Testing focuses primarily on examining the protection of these key areas:

  • Enumeration of external attack surface – Identify all possible entry points into the environment – O365, Web Applications, Storage Blobs, S3 Buckets, SQL/RDS Databases, Azure Automation APIs, AWS APIs, Remote Desktops, VPNs, etc.
  • Authentication and Authorization Testing – Ensure the users within the environment operate on a Principle of Least Privilege, are protected by robust multi factor authentication policies, as well as ensuring that known ‘bad passwords’ are prohibited from being used.
  • Virtual Machines / EC2 – Azure supports two types of virtual machines – Classic and v2. Testing will ensure that these virtual machines are protected via Network Security Groups (NSGs – analogous to firewalls) and their data is encrypted at rest. Where possible, audits of missing patches and their effects are included. Where virtual machines are publicly accessible, this will lead on to the examination of their external interfaces.
  • Storage and Databases – This area of testing will examine storage blob permissions and those of subfolders, ensuring that only authenticated and authorised users can access the data within. Examination of databases (either on virtual machines running SQL Server, or running via Azure SQL) for security best practices is also covered.
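
As an added illustration (not code from this page or from any provider's tooling), the sketch below audits an exported inventory for three of the findings named above: management ports reachable from the internet, unrestricted egress, and storage that is anonymously readable or unencrypted. The inventory schema, field names and sample values are assumptions constructed for the example.

```python
import ipaddress

MGMT_PORTS = {22: "SSH", 3389: "RDP"}  # management ports checked (assumed set)

def is_internet(cidr):
    """True when the range covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_rules(rules):
    """Flag internet-facing management ports and allow-all egress rules."""
    findings = []
    for r in rules:
        if r["action"] != "allow" or not is_internet(r["cidr"]):
            continue
        lo, hi = r["ports"]
        if r["direction"] == "inbound":
            for port, name in MGMT_PORTS.items():
                if lo <= port <= hi:  # a range such as 20-25 still exposes 22
                    findings.append(f"{r['group']}: {name} ({port}) open to {r['cidr']}")
        elif (lo, hi) == (0, 65535):
            findings.append(f"{r['group']}: unrestricted egress to {r['cidr']}")
    return findings

def audit_storage(containers):
    """Flag containers with anonymous access or without encryption at rest."""
    findings = []
    for c in containers:
        if c["public_access"] != "none":
            findings.append(f"{c['name']}: anonymous {c['public_access']} access")
        if not c["encrypted_at_rest"]:
            findings.append(f"{c['name']}: not encrypted at rest")
    return findings

# Constructed sample inventory in a hypothetical, simplified schema.
SAMPLE_RULES = [
    {"group": "web-nsg", "direction": "inbound", "action": "allow", "cidr": "0.0.0.0/0", "ports": (443, 443)},
    {"group": "web-nsg", "direction": "inbound", "action": "allow", "cidr": "0.0.0.0/0", "ports": (20, 25)},
    {"group": "db-nsg", "direction": "inbound", "action": "allow", "cidr": "10.0.0.0/8", "ports": (3389, 3389)},
    {"group": "db-nsg", "direction": "outbound", "action": "allow", "cidr": "::/0", "ports": (0, 65535)},
]
SAMPLE_CONTAINERS = [
    {"name": "backups", "public_access": "read", "encrypted_at_rest": True},
    {"name": "invoices", "public_access": "none", "encrypted_at_rest": False},
    {"name": "logs", "public_access": "none", "encrypted_at_rest": True},
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES) + audit_storage(SAMPLE_CONTAINERS):
        print("FINDING:", finding)
```

Comparing against port ranges rather than single ports is what catches the 20-25 rule, which an equality check on port 22 would miss.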

What Are the Stages of Pen Testing?

Through penetration testing, you can proactively identify the most exploitable security weaknesses before someone else does. However, there’s a lot more to it than the actual act of infiltration. Pen testing is a thorough, well thought out project that consists of several phases:

1. Planning and Preparation

Before a pen test begins, the testers and their clients need to be aligned on the goals of the test, so it’s scoped and executed properly. They’ll need to know what types of tests they should be running, who will be aware that the test is running, how much information and access the testers will have to start out with, and other important details that will ensure the test is a success.

2. Discovery

In this phase, teams perform different types of reconnaissance on their target. On the technical side, information like IP addresses can help determine information about firewalls and other connections. On the personal side, data as simple as names, job titles, and email addresses can hold great value.

3. Penetration Attempt and Exploitation

Now informed about their target, penetration experts can begin to attempt to infiltrate the environment, exploiting security weaknesses and demonstrating just how deep they can go.

4. Analysis and Reporting

Pen testers should create a report that includes details on every step of the process, highlighting what was used to successfully penetrate the application, what security weaknesses were found, other pertinent information discovered, and recommendations for remediation.

5. Clean Up and Remediation

Pen testers should leave no trace, and need to go back through systems and remove any artifacts used during the test, since they could be leveraged by a real attacker in the future. From there, an organization can begin to make the necessary fixes to close these holes in its security infrastructure.

6. Retest

The best way to ensure an organization’s remediations are effective is to test again. Additionally, IT environments, and the methods used to attack them, are constantly evolving, so it is to be expected that new weaknesses will emerge.

What are the different types of penetration tests?

BLACK BOX TEST

Also known as a blind test. Requires zero knowledge of the company’s assets. Penetration testers perform a complete reconnaissance phase to uncover the company’s assets, pick their own path around security controls, and execute a strategy of their own.

GRAY BOX TEST

In this type of test, the penetration tester knows the role of the system and its functionalities, and also knows (though not extensively) its internal mechanisms (especially the internal data structure and the algorithms used). However, he or she does not have access to the source code!

WHITE BOX TEST

Consists of reviewing the functioning of an application and its internal structure and processes, rather than its functionalities. Here, all the internal components of the software or application are tested through the source code, which is the tester's main working basis.

Our Advantages

Our cyber security team will push your system to its limits in a barrage of simulated cyber attacks, discovering every possible vulnerability so that your organization gets the complete picture and 100% of your data is safe.

  • Superior Skills and Experience
  • Reputation
  • Competitive Pricing
  • Results Designed For Real Decisions

Find the Risks. Understand the Consequences. Sleep better.