Misconfigured cloud systems remain a profitable source of income for cyber criminals. SMHR’s testers will review your cloud infrastructure for these dangerous weaknesses and make recommendations where security best-practices are not being followed.
Securing cloud infrastructure is the important aspect of digital mobility. Most cloud migration services focus on speed rather than security. Multiple data breaches have taken place due to misconfigured cloud services and improper access controls.
In an AWS EC2 instance, specific areas that enable penetration testing include:
• Application Programming Interface (API) (e.g. HTTP/HTTPS)
• Web and mobile applications that hosted by your organization
• The application server and associated stack (e.g. programming languages such Python, React)
• Virtual machines and operating systems.
Many of AWS services are supported by the Software-as-a-Service (SaaS) model, which implies that the user doesn’t own the environment and can’t be pen tested in the same means as in a traditional on-premise environment or Infrastructure-as-a-Service (IaaS) model. However, the configuration and identity of those SaaS services can be tested from a black box engagement or even through a security audit.