Cloud service penetration testing

Providing the security assurances you need when it comes to your cloud-based services

Why do your cloud services need testing?

Migrating business functions and hosting requirements to the cloud is extremely popular, with more and more organisations taking advantage of the cost benefits, convenience, accessibility and flexibility it provides.

Despite widespread adoption, many organisations fail to appropriately lock down or secure their cloud instances, leading to sensitive data being available to internet-based attackers. 

Our cloud assessments are designed to evaluate the security of your services, providing you with the assurances you require.

Common cloud services we test include:

Amazon Web Services (AWS)

Microsoft Office 365

Microsoft Azure

Google Cloud Platform

Find out more about Pentest

Find out more about Pentest, the support we offer and
the reasons clients choose us.

What we review

Our cloud testing is tailored to your requirements and our consultants will perform a wide range of checks to ensure you are protected. The following provides an example of the checks we may perform, note this is not an exhaustive list and many of the checks will depend on the specific service under review:

Multi-factor authentication on administrative users and other high-privileged user roles

Anti-automation techniques are implemented, such as account lockouts

Appropriate logging is in place to allow auditing of suspicious behaviour

Appropriate warnings are sent when suspicious behaviour occurs, such as failed login attempts

Data loss prevention systems are configured to identify sensitive data transfer

Secure access controls on any sensitive data held on the cloud services

Our cloud test process

Every cloud service penetration test goes through a rigorous process to ensure you get the best possible results. Below we outline the key stages our testing goes through:

1. Scoping

Your dedicated account manager (AM) will work closely with you to understand your business, the application under review & the desired outcomes. The AM will then work with the assigned Pentest consultants & your stakeholders to ensure testing meets your exact needs.

2. Proposal

A bespoke proposal of work will be drawn up based on your requirements, our experience and our consultant’s expertise. This proposal will outline our recommended test approach, the prerequisites needed & the time required to investigate the target.

3. Testing

Testing will commence on the agreed date and our consultants will communicate with you throughout the test, to your set requirements. All testing is conducted manually and our consultants will look to identify as many issues as possible in the time allotted.

4. Reporting

A comprehensive, quality assured report of our findings will be delivered following the test. Our reports can be tailored to your needs, providing both a technical and managerial overview of findings, as well as our detailed remediation advice.

5. Post-test support

Our job doesn’t finish on the delivery of a report, your test consultant will be available after the test to explain any aspect of the report, as well as provide remediation support to internal teams and/or external suppliers.

6. Evidence of testing

Many of our clients need to supply evidence of testing for security assurance purposes. We can supply additional documentation which will provide these assurances to your internal and/or external stakeholders.

Why choose Pentest?

Our test process isn’t the only reason clients choose to work with us. Find out more about Pentest, our ethos and the support we offer our clients.

Contact us

Want to find out more about our cloud service penetration testing service? Our team are on hand to provide you with the information you need. Please fill out the form below and one of our team will be in touch shortly.