Cloud Services Penetration Testing

Typically focused on an opportunistic, Internet based, attacker, this type of penetration testing focuses on compromising or obtaining privileged access to data stored or processed by a client's Cloud services, such as those provided by Amazon Web Services (AWS) and Microsoft Azure.

Generally, the team will start with an initial connection to the cloud services over the Internet or via an authorised VPN connection, and explore further as they gain more understanding of the client’s specific service provision.

The specific steps will depend on the cloud service type, the features used by the client, and the degree to which features are exposed to the Internet or internal users, but will typically include: