AWS Penetration Testing Services

Following are the Security Assessment that are performed on an AWS environment

Type 1

Consider your web application hosted on a VPS or dedicated server and later moved to the cloud platform in which only your developed web application is considered in the scope.

Type 2

This type of cloud assessment is performed where in the cloud system cannot be accessed externally and is private and which has firewall to prevent direct access and can only be accessed by a bastion host.

Type 3

Testing the cloud console for any misconfigurations such as the created user accounts and their permissions, implemented ACL, etc. This is more of a configuration review verifying standards policies have been implemented while creating accounts. We can identify different techniques to perform privilege escalation.

AWS Penetration Testing Methodology

AWS Scoping
Vulnerability Analysis
Reconnaissance and Enumeration
Mapping and Service Identification
AWS Scanning
AWS Analysis
Strategic Mitigation
Patch Verification
A holistic approach to perform penetration testwith security checklists based on industry standards, including OWASP Top Ten, PCI Compliance, and NIST 800-53.

AWS Cloud Penetration Testing Test Cases

  • Risks around S3 are effectively:
    • Listable buckets
    • World-readable buckets
    • World-writeable buckets
  • Subdomain takeover
  • Public access to server behind load balancer
  • Tests for bastion hosts
  • Tests network infrastructure for various network level vulnerabilities
  • AWS Security Checks:
  • Compliance Level scanning for configurations
  • Amazon Machine Images (AMIs)
  • Operating systems
  • Applications
  • Data in transit
  • Data at rest
  • Data stores
  • Credentials
  • Targeting and compromising AWS Access keys
  • Targeting and compromising network configured improperly