CLOUD PENETRATION TESTING
Nettitude has extensive experience in working with all major cloud service providers. Shared services have become extremely common, and organisations are leveraging cloud services with increasing frequency. As a consequence, Nettitude delivers cloud testing services and technical assurance as a core part of its penetration testing offerings.
Why is a Cloud testing service necessary?
As Nettitude continue to see more services migrating to the cloud, the need for Cloud security testing increases. Nettitude delivers Cloud based penetration testing for Cloud service providers as well for the clients that use these services.
Whether it is Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (Saas), Nettitude’s information security and penetration testing consultants are experienced in testing and security for all types of environments.
Request a free quote
Cloud Service Providers Nettitude works with
Nettitude has had experience in testing many of the larger Cloud based environments including Amazon’s EC2 environment, Rackspace Managed Cloud and Microsoft’s Azure platform. In addition, the methodologies and approaches gained within these environments gives us the insight in to how to test other cloud based services.
Similarly, for software houses and development companies that are publishing their applications in to the cloud, Nettitude has a range of services that provide system assurance for these offerings.
Types of vulnerabilities frequently identified in cloud environments
Cloud service testing is used to deliver assurance against the build and configuration of the service providers environment. Cloud services can be made just as secure as on premise services, however through inadequate configuration, it is common to see administrative UI’s management features available online.
The types of issues Nettitude frequently see
Administrative UI’s available, (Including Hypervisor and OS interfaces)
Nettitude management consoles
Poor firewalling logic making other non-core services available online
Nettitude has an intricate understanding of how many of the shared technologies are implemented to deliver cloud based services. In addition to this, Nettitude has extensive experience in identifying some of the vulnerabilities that can be created by these types of environments. As a consequence of this, Nettitude is able to deliver highly effective cloud penetration testing strategies for all types of public and private cloud infrastructures.
Nettitude has a defined security testing methodology that applies to testing IaaS, PaaS and SaaS environment. This methodology combines many of the steps found in our standard penetration testing methodology with our web application security testing methodology.