- Check the SLA and ensure that the contract between the CSP and the customer spells out security responsibilities: which party owns which controls, and how incidents are reported
- Review the CSP's network protocols and security policies and confirm that they are actually implemented, not merely documented
- Coordinate and schedule the test with the CSP; the major providers publish a penetration-testing policy that limits what may be tested, and some activities require advance notice
- Undertake repeatable, methodical tests to find vulnerabilities in the hosted applications
- Ensure that unused ports, protocols and services are blocked at the security-group, network-ACL and host-firewall layers
- Ensure that data stored on cloud servers and in cloud storage is encrypted at rest by default, and establish who holds the keys
- Validate access controls by testing that two-factor (multi-factor) authentication is actually enforced for console, API and privileged access, not just offered
- Check the CSP's records for maintaining cloud resources (patching, maintenance and incident history)
- Make sure that TLS certificates are issued by a publicly trusted certificate authority (for example Entrust, DigiCert or Sectigo; COMODO, GeoTrust, Symantec and Thawte are still widely listed, but the Symantec roots, which included GeoTrust and Thawte, were distrusted by the major browsers in 2018 and that business moved to DigiCert, and Comodo CA now trades as Sectigo); verify the full chain, expiry dates and key sizes rather than trusting the brand name
- Apply appropriate security controls to the data-center components, devices and access points, and test that they work
- Check the security of resources shared between tenants (compute, storage, caches) to limit exposure to side-channel attacks
- Check requests and responses for anti-CSRF protection (per-session tokens, SameSite cookies, origin checks) to prevent session riding (cross-site request forgery) attacks
- Employ centralized authentication and use single sign-on (SSO) for SaaS applications
- Use tools such as LoadStorm for load testing in the cloud
- Use tools like BlazeMeter to measure end-to-end performance of web and mobile applications
- Perform internal and external penetration testing
- Perform vulnerability scanning of the hosted cloud environment
- Hash all stored passwords with a slow, salted algorithm (bcrypt, scrypt or Argon2) rather than reversible encryption, and check their strength against length and common-password rules
- Check the authentication policies for users (password policy, lockout, session timeout)
- Create multiple penetration testing modules for the various types of attacks, such as:
  - Network sniffing for service hijacking
  - XSS attacks for session hijacking
  - DNS attacks (spoofing, cache poisoning, hijacking)
  - DoS and DDoS attacks
  - SQL injection attacks, among others
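For the session riding (CSRF) item, an added example that is not code from the original page: a state-changing handler that trusts the session cookie alone, beside the same handler with a session-bound synchronizer token and an Origin check, exercised with a constructed cross-site request. The `Request` type, the `SESSIONS` store, the origins and the HMAC token scheme are this example's assumptions, not any framework's API.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

SERVER_KEY = secrets.token_bytes(32)        # assumption: one secret per deployment
TRUSTED_ORIGIN = "https://app.example"     # assumption: the application's own origin
SESSIONS = {"sess-alice": "alice"}          # constructed session store: cookie value -> user


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as a framework would hand it to a handler."""
    method: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session: HMAC(SERVER_KEY, session_id).
    A page on another origin cannot read it, so a forged form cannot include it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def transfer_vulnerable(req: Request) -> str:
    """Authorizes on the session cookie alone. The browser attaches that cookie to a
    cross-site POST too, so an attacker's page can ride the victim's session."""
    user = SESSIONS.get(req.cookies.get("sid"))
    if req.method != "POST" or user is None:
        return "401 unauthenticated"
    return f"200 transferred {req.form['amount']} from {user} to {req.form['to']}"


def transfer_hardened(req: Request) -> str:
    """Same action with two independent CSRF checks: the Origin header when the
    browser sends one, and the session-bound token on every request."""
    sid = req.cookies.get("sid")
    user = SESSIONS.get(sid)
    if req.method != "POST" or user is None:
        return "401 unauthenticated"
    origin = req.headers.get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return "403 bad origin"
    supplied = req.form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, csrf_token(sid).encode()):
        return "403 missing or invalid csrf token"
    return f"200 transferred {req.form['amount']} from {user} to {req.form['to']}"


def forged_request(with_origin: bool = True) -> Request:
    """Constructed cross-site request: the browser supplies alice's cookie, the attacker
    controls the form fields but cannot know her token."""
    headers = {"Origin": "https://evil.example"} if with_origin else {}
    return Request("POST", cookies={"sid": "sess-alice"}, headers=headers,
                   form={"to": "attacker", "amount": "1000"})


def legitimate_request() -> Request:
    """Request from the application's own page, which rendered the token into the form."""
    return Request("POST", cookies={"sid": "sess-alice"},
                   headers={"Origin": TRUSTED_ORIGIN},
                   form={"to": "bob", "amount": "25",
                         "csrf_token": csrf_token("sess-alice")})


if __name__ == "__main__":
    print("vulnerable, forged :", transfer_vulnerable(forged_request()))
    print("hardened, forged   :", transfer_hardened(forged_request()))
    print("hardened, no Origin:", transfer_hardened(forged_request(with_origin=False)))
    print("hardened, genuine  :", transfer_hardened(legitimate_request()))
```

The Origin check is kept as a second layer because some clients omit the header; the token check is the one that must never be skipped. Marking the session cookie `SameSite=Lax` or `Strict` adds a third, browser-enforced layer that this server-side example does not model.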
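For the password item, an added example (not from the page) of what storing passwords correctly means in practice: a salted, slow, one-way scrypt hash written as a self-describing string so the cost can be raised later, plus a strength check for candidate passwords. The cost parameters, the 12-character minimum and the tiny common-password list are this example's own choices; a deployment screens against a large breached-password corpus instead.

```python
import hashlib
import hmac
import os
import re

# Constructed deny-list for the demo; a deployment screens against a breached-password corpus.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin123", "welcome1"}

# scrypt cost parameters (this example's choice); stored in the hash so they can be raised later.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
MIN_LENGTH = 12


def hash_password(password: str) -> str:
    """Salted, slow, one-way hash. There is no key to steal and nothing to 'decrypt';
    verification recomputes the hash with the stored salt and parameters."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Parse the self-describing string and compare digests in constant time."""
    try:
        algo, n, r, p, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def password_problems(password: str) -> list:
    """Return the strength checks a candidate fails; an empty list means it is acceptable.
    Length and a deny-list do most of the work; character-class composition rules are
    deliberately absent."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if re.search(r"(.)\1\1", password):
        problems.append("contains a character repeated 3 or more times in a row")
    return problems


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print("right password :", verify_password("correct horse battery staple", stored))  # True
    print("wrong password :", verify_password("Correct horse battery staple", stored))  # False
    for candidate in ("password", "correct horse battery staple"):
        print(repr(candidate), "->", password_problems(candidate) or "ok")
```

Two hashes of the same password differ because each gets a fresh salt, which is what defeats precomputed tables. The strength check follows the NIST SP 800-63B direction of favouring length and breached-password screening over composition rules.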
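For the SQL injection module in the attack list, an added example rather than code from the page: the same user lookup built by string concatenation and with a bound parameter, run against a constructed in-memory SQLite table with two classic payloads, a tautology that returns every row and a UNION that pulls the `password_hash` column into the result. The table, its rows and the payloads are constructed for this demo.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the target application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT, role TEXT);
        INSERT INTO users VALUES (1, 'alice', 'h1', 'admin');
        INSERT INTO users VALUES (2, 'bob',   'h2', 'user');
    """)
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """String concatenation: whatever the caller supplies is parsed as SQL grammar."""
    sql = "SELECT id, username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Bound parameter: the value reaches the engine separately and is never parsed as SQL."""
    return conn.execute(
        "SELECT id, username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed payloads: the first closes the string literal and appends an always-true
# clause; the second appends a UNION that pulls another column into the result set and
# comments out the trailing quote.
TAUTOLOGY = "x' OR '1'='1"
UNION_LEAK = "x' UNION SELECT id, password_hash, role FROM users--"


def usernames_of(rows: list) -> list:
    """Second column of each row; under UNION_LEAK this column carries password hashes."""
    return [row[1] for row in rows]


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, tautology:", find_user_vulnerable(conn, TAUTOLOGY))
    print("vulnerable, union    :", find_user_vulnerable(conn, UNION_LEAK))
    print("safe, tautology      :", find_user_safe(conn, TAUTOLOGY))
    print("safe, union          :", find_user_safe(conn, UNION_LEAK))
```

In a live test the tell is the same as here: a row count or response body that changes between an innocuous value and the tautology, or unrelated data appearing in a field after a UNION with the right column count. The parameterized version returns nothing for either payload because it looks for a user literally named `x' OR '1'='1`.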