Cloud Penetration Testing (1)

Cloud Penetration Testing

  • Check the SLA and ensure that proper contract terms have been detailed between the CSP and the user.  
  • Please go through the internet protocols and policies and ensure that it has been aptly implemented  
  • Check the coordination and the scheduling of the test by CSP  
  • Undertake repeatable and methodical tests to find out vulnerabilities in applications  
  • Ensure that the service of unused ports and protocols are blocked  
  • Ensure that the data stored in cloud servers is default encrypted  
  • Validate the protocols for access by testing two-factor authentication  
  • Check CSP’s records in maintaining resources on cloud  
  • Make sure that the cloud certificates are bought from reputed authorities like (COMODO, Entrust, GeoTrust, Symantec, Thawte, etc.)  
  • Use Appropriate Security Controls to check the components of the data center, devices, and the access points  
  • Check the security of the shared resources in the cloud to prevent Side-channel attacks  
  • Check the requests and responses in the cloud to prevent Session Riding Attacks (Cross-Site Request Forgery)  
  • Employ centralized authentication and use single sign-on for SAAS applications  
  • Use tools such as load storm for load testing on cloud  
  • Use tools like BlazeMeter to measure end to end performance of applications mobile and web  
  • Perform internal and external penetration testing  
  • Perform vulnerability scanning in the hosted cloud environment  
  • Encrypt all passwords and check their strength  
  • Check the authentication policies for users  
  • Create multiple penetration testing modules for various types of attacks like  
  • Network sniffing for service hijacking  
  • XSS attacks for session hijacking  
  • DNS attacks  
  • DoS and DDoS attacks  
  • SQL injection attacks and more  
Register a Free Cloud ROI Assesment Workshop

Register a Free Cloud ROI Assesment Workshop

Get a Detailed assessment report with recommendations with an assessment report

Schedule free Workshop
Register a Free Cloud ROI Assesment Workshop
Register a Free Cloud ROI Assesment Workshop

Related articles you may would like to read

Leveraging Cloud Data Platforms to drive value for the Enterprises

Request a Consultation