Cloud Security Penetration Testing

Protect against what threatens your cloud environments

Many organizations believe that moving to a cloud-based architecture eliminates many risks and vulnerabilities that plague traditional models. Unfortunately, this is not the case. Not only are traditional security measures no longer effective at managing a cloud environment, but moving to a cloud architecture also introduces a new array of threats. For this reason, it is critical to perform comprehensive penentration testing of all cloud infrastructures.

CSP pen test attack vectors

  • Attack the cloud environment from the Internet, emulating an anonymous attacker
  • Attack the cloud environment from within the context of a customer’s access, emulating the impact a compromised customer system or partner network may have, by:
    • Escalating privileges within the customer environment
    • Gaining access to CSP backbone infrastructure
    • Compromising other cloud service tenants
  • Attack the corporation by:
    • Gaining a foothold in the environment through social engineering
    • Compromising systems to collect credentials that have access to the cloud environment
    • Compromising systems to gain access to source code or other sensitive programming material

Cloud consumer penetration test attack vectors

  • For virtual private clouds, attack the cloud environment from the Internet, emulating an anonymous attacker
  • Attack the cloud environment from within the context of an internally authenticated user, emulating the impact an internal threat to:
    • Escalate privileges within the cloud service
    • Gain access to other backbone infrastructure
  • Attack the corporation by:
    • Gaining a foothold in the environment through social engineering
    • Compromising systems in the corporate environment with the goal of collecting credentials that have access to the cloud environment
    • Compromising development and administrative systems to gain access to source code or other sensitive programming material

Why Partner with Coalfire

  • Identify risks to your organization before experiencing a negative impact to the business
  • Reveal cloud infrastructure vulnerabilities and have a clear path to remediation
  • Improve cloud security posture and defense capabilities
  • Ensure business continuity