Cloud Penetration Testing (1)

Cloud Penetration Testing

  • Check the SLA and ensure that proper contract terms have been detailed between the CSP and the user. 
  • Go through the internet protocols and policies and ensure that it has been aptly implemented 
  • Check the coordination and the scheduling of the test by CSP 
  • Undertake repeatable and methodical tests to find out vulnerabilities in applications 
  • Ensure that the service of unused ports and protocols are blocked 
  • Ensure that the data stored in cloud servers is default encrypted 
  • Validate the protocols for access by testing two factor authentication 
  • Check CSP’s records in maintaining resources on cloud 
  • Make sure that the cloud certificates are bought from reputed authorities like (COMODO, Entrust, GeoTrust, Symantec, Thawte etc.) 
  • Use Appropriate Security Controls to check the components of data centre, devices and the access points 
  • Check the security of the shared resources in the cloud to prevent Side channel attacks 
  • Check the requests and responses in the cloud to prevent Session Riding Attacks (Cross Site Request Forgery) 
  • Employ centralized authentication and use single sign on for SAAS applications 
  • Use tools such as load storm for load testing on cloud 
  • Use tool like blazemeter to measure end to end performance of applications mobile and web 
  • Perform internal and external penetration testing 
  • Perform vulnerability scanning in the hosted cloud environment 
  • Encrypt all passwords and check their strength 
  • Check the authentication policies for users 
  • Create multiple penetration testing modules for various types of attacks like 
  • Network sniffing for service hijacking 
  • XSS attacks for session hijacking 
  • DNS attacks 
  • DoS and DDoS attacks 
  • SQL injection attacks and more 
Get free consultation from our tech experts

Get free consultation from our tech experts

Schedule a discussion
Get free consultation from our tech experts
Get free consultation from our tech experts

Related Posts

Aligned to business domains to provide deep expertise to solving and enabling business units
Connect With Us

Request a Consultation