Generally, the team will start with an initial connection to the cloud services over the Internet or via an authorised VPN connection, and explore further as they gain more understanding of the client’s specific service provision.
The specific steps will depend on the cloud service type, the features used by the client, and the degree to which features are exposed to the Internet or internal users.
It will typically include:
- Reconnaissance – Understanding the service and environment, and any existing monitoring or alerting processes that may be in place.
- Scanning – Automated detection of potential vulnerable services or configuration errors that may increase the potential for the service to be attacked.
- Vulnerability Assessment – If applicable, identification and exploitation of OWASP Top 10 vulnerabilities.
- Microservice Logic Testing – Identification and exploitation of flaws in microservice or function unit logic which could be used to cause harm to the client, or to obtain sensitive data.
- Unauthorised Administration Testing – If appropriate, attempt to gain unauthorised administrative access to services or virtual servers.
- Source Code Analysis – If provided or obtained during testing, any source code will be assessed for any remotely exploitable vulnerabilities that were not otherwise identified.
- Cleanup – Wherever possible, leaving minimal evidence of the engagement.
- Offline Analysis – Obtaining and analysing any data obtained to understand the potential impact of compromise to the client.
- Reporting – Ensuring that the client gets a full understanding of the findings of the engagement, and recommended solutions to address any issues identified.