Cloud Penetration Testing (1)

Cloud Penetration Testing

  • Check the SLA and ensure that proper contract terms have been detailed between the CSP and the user.  
  • Please go through the internet protocols and policies and ensure that it has been aptly implemented  
  • Check the coordination and the scheduling of the test by CSP  
  • Undertake repeatable and methodical tests to find out vulnerabilities in applications  
  • Ensure that the service of unused ports and protocols are blocked  
  • Ensure that the data stored in cloud servers is default encrypted  
  • Validate the protocols for access by testing two-factor authentication  
  • Check CSP’s records in maintaining resources on cloud  
  • Make sure that the cloud certificates are bought from reputed authorities like (COMODO, Entrust, GeoTrust, Symantec, Thawte, etc.)  
  • Use Appropriate Security Controls to check the components of the data center, devices, and the access points  
  • Check the security of the shared resources in the cloud to prevent Side-channel attacks  
  • Check the requests and responses in the cloud to prevent Session Riding Attacks (Cross-Site Request Forgery)  
  • Employ centralized authentication and use single sign-on for SAAS applications  
  • Use tools such as load storm for load testing on cloud  
  • Use tools like BlazeMeter to measure end to end performance of applications mobile and web  
  • Perform internal and external penetration testing  
  • Perform vulnerability scanning in the hosted cloud environment  
  • Encrypt all passwords and check their strength  
  • Check the authentication policies for users  
  • Create multiple penetration testing modules for various types of attacks like  
  • Network sniffing for service hijacking  
  • XSS attacks for session hijacking  
  • DNS attacks  
  • DoS and DDoS attacks  
  • SQL injection attacks and more  
Get free consultation from our tech experts

Get free consultation from our tech experts

Schedule a discussion
Get free consultation from our tech experts
Get free consultation from our tech experts

Related articles you may would like to read

Why should you consider migrating your SQL Database to Azure SQL?

Request a Consultation