Question: I want to test the security of my AWS/GCP/Azure environment. How does that translate into penetration testing?
Answer: There are two ways to look at pentesting Cloud Infrastructure environments - from a network perspective and from a configuration perspective.
Whats the difference?
Cloud configuration reviews are specific to IaaS providers. The providers that Cobalt can test are AWS, GCP, and Azure. This methodology requires read-only IAM access to look at the configurations of the services and resources provided by your IaaS provider.
Some common vulnerabilities found by using this methodology are:
- AWS/GCP security checks including ‘open-wide security groups’ and excessive permissions.
- multi-factor authentication requirements, implementation or operation
- Kubernetes Engine security configurations
Top 5 Cloud config vulnerabilities to Cloud Config tests
- Testing S3 bucket configuration and permissions flaws
- Targeting and compromising IAM keys
- Cloudfront/WAF Misconfiguration Bypasses
- Establishing private-cloud access through Lambda backdoor functions
- Cover tracks by obfuscating Cloudtrail logs
External Cloud Network Penetration Testing
When using this methodology Cobalt will test your Cloud network holistically. We'll look at testing all services provided by your IaaS provider, segmentation testing and include testing of services provided by other vendors including WAF, CDN, and DNS.
Our Network penetration testing methodology is based on the OSSTMM methodology.
More information available on our External Network Penetration test Methodology page.
Which Methodology is right for you?
For PCI compliance the External Network Penetration testing methodology is required.
Cloud Configuration reviews are not required by any compliance frameworks, however, it should be considered when moving from an on-premise facility to pure cloud, changing Cloud providers and when there is a major infrastructure change.