CLOUD PENETRATION TESTING

Nettitude has extensive experience in working with all major cloud service providers. Shared services have become extremely common, and organisations are leveraging cloud services with increasing frequency. As a consequence, Nettitude delivers cloud service testing and technical assurance as a core part of its penetration testing offerings.

Why is Cloud service testing necessary?

As Nettitude continue to see more services migrating to the cloud, the need for Cloud security testing increases. Nettitude delivers Cloud based penetration testing for Cloud service providers and for the clients that use these services.

Whether it is Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (Saas), Nettitude’s information security and penetration testing consultants are experienced in testing and security all types of environments.

Request a free quote

CREST-CHECK-ASV-STAR-CBEST-

Cloud Service Providers Nettitude work with

Nettitude has had experience in testing many of the larger Cloud based environments including Amazon’s EC2 environment, Rackspace Managed Cloud and Microsoft’s Azure platform. In addition, the methodologies and approaches gained within these environments gives us the insight in to how to test other cloud based services.

Similarly, for software houses and development companies that are publishing their applications in to the cloud, Nettitude has a range of services that provide system assurance for these offerings.

RELATED BLOG

As businesses face large cyber breaches with increasing regularity should we be gearing up for an ultimate breach?

THE CLOUD PROBLEM

Types of vulnerabilities frequently identified in cloud environments

Cloud service testing is used to deliver assurance against the build and configuration of the service providers environment. Cloud services can be made just as secure as on premise services, however through inadequate configuration, it is common to see administrative UI’s management features available online.

The types of issues Nettitude frequently see

  • Administrative UI’s available, (Including Hypervisor and OS interfaces)

  • Nettitude management consoles

  • Administrative daemons

  • Poor firewalling logic making other non-core services available online

Nettitude has an intricate understanding of many of the shared technologies are implemented to deliver cloud based services. In addition to this, Nettitude has extensive experience in identifying some of the vulnerabilities that can be created by these types of environments. As a consequence of this, Nettitude is able to deliver highly effective testing strategies for all types of public and private cloud infrastructures.

Nettitude has a defined security testing methodology that applies to testing IaaS, PaaS and SaaS environment. This methodology combines many of the steps found in our standard penetration testing methodology with our web application security testing methodology.