Cloud penetration testing services
Cloud penetration testing. For AWS, Azure, GCP, and Kubernetes.
A misconfigured role or an exposed bucket is rarely the whole story. We test how those small gaps chain into real access across your cloud, then hand you the fixes and the evidence your auditor needs.
Four providers
AWS · Azure · GCP · Kubernetes, one method, four control planes.
Evidence
Working proof-of-exploit and code-level fix guidance on every finding.
Re-test included
We verify your fixes at no extra cost. One engagement, closed loop.
The window from vulnerability discovery to exploitation has gone from weeks to hours.
Trusted by security teams across Fintech, SaaS & Education, Enterprise & Telecom, Security & Critical Infrastructure
On record
Cloud depth.
One misconfiguration is never just one finding. It's the first step into your account.
A single over-permissive role or an exposed key is rarely the whole risk. We chain those small gaps the way an attacker would, from one weak setting to real access across your account, and show you exactly where the path breaks. For Amazon-specific depth, see AWS penetration testing.
What we test
Four cloud surfaces. One engagement.
Each provider gets a manual, threat-modelled review against its real attack surface, control plane, identity, network, and workload. Intensity tunes per scope.
Amazon AWS
IMDSv1 SSRF, IAM role chaining, public S3 enumeration, Lambda over-privilege, EKS cluster-role abuse, KMS key-policy misuse, Cognito user-pool misconfig, Secrets Manager exposure.
Microsoft Azure
Managed identity over-scope, Storage Account SAS leak, Function App env exposure, AKS pod-identity abuse, Key Vault access policy bypass, Azure AD application consent, Logic App secret reuse.
Google Cloud Platform
Workload-identity confusion, service-account impersonation, Cloud Run scope abuse, GKE node pool escape, Secret Manager IAM gaps, Cloud Storage bucket policy bypass, Cloud Functions trigger replay.
Kubernetes
Pod escape via privileged container, RBAC bypass, etcd exposure, kubelet API abuse, sidecar/init container attack paths, NetworkPolicy gaps, admission-controller bypass, ServiceAccount token theft.
CLOUD PENTEST METHODOLOGY.
Eight phases. Control plane to workload.
Threat-modelled to your control plane, identity model, and workload topology. Not a template we run against every cloud.
- 01Scope & threat-model
- 02Recon & enumeration
- 03Configuration review
- 04Identity exploitation
- 05Workload & network exploitation
- 06Vulnerability analysis
- 07Remediation guidance
- 08Patch verification
Insights
Cloud security Resources.
Cross-provider attack-path notes: AWS, Azure, GCP, written by the same reviewers who run cloud pentests.
Meet our expert
One lead across your whole cloud estate.
Nivedita Singh
Security Advisor & Engagement Lead
10+
Years in offensive security
300+
Engagements led
99.7%
On-time delivery rate
Nivedita scopes cloud-pentest engagements against your account topology, identity model, and workload boundaries. She guides the pod from kick-off through final report and re-test.
- Scopes AWS, Azure, GCP, and Kubernetes engagements against your real risk model.
- Owns kick-off, mid-engagement check-ins, and live walkthrough of every finding.
- Drives remediation review and re-test until every cloud-path finding is closed.
Ready to scope a cloud pentest? Book 30 minutes with Nivedita to walk through your topology, identity model, and timeline.
For startups
Pre-Series A? Apply for the startup program.
A single Autonomous app pentest, CREST-aligned report, engagement-lead signoff, retest included, heavily discounted for pre-Series A startups passing enterprise procurement or SOC 2 due diligence. Eligibility verified on application.
Tested by industry.
The bug classes named below come from real engagements in each sector. Pick the closest fit.
FinTech
Cloud-native banking workloads, KMS / HSM boundaries, settlement isolation.
Retail
E-commerce on cloud, POS sync APIs, customer-PII surfaces in serverless paths.
Built for Singapore engagements
What changes when we deliver here.
Compliance scoping
MAS TRM Cloud Computing Annex clause mapping
Regulatory framework
Notice 655 §4 access-control evidence pack
Local engagements
Regional bank multi-cloud — found cross-account assume-role drift
Local pricing
SGD per-account band, region multipliers disclosed up front
Compliance scoping
Provider test-notification thread filed with engagement
Cloud pentest questions from SG-licensed FIs.
Do you map findings to the MAS TRM Cloud Computing Annex?
Yes. Each issue cites Annex paragraph and the matching shared-responsibility owner so the FI's cloud governance committee can sign off.
How is Notice 655 §4 access control covered?
We exercise IAM trust paths, privileged-role drift, and break-glass account use against Notice 655 §4 expectations. The audit pack has the screenshots.
Will testing breach the provider's acceptable-use policy?
No. We file required test notifications with the provider, observe rate caps, and document the approval thread in the engagement file.
Where do test artefacts live?
All artefacts stay in the SG region under a PDPA-aligned DPA. Tagged for 30-day deletion, with audit trail handed over at report sign-off.
Delivery in Singapore
MAS TRM Cloud Annex aligned.
Cloud tests cite the MAS TRM Cloud Computing Annex and Notice 655 §4 access-control clauses. Findings name the resource, region, and the shared-responsibility line being crossed.
- Direct line
- +65-6000-0000
- Office
- Singapore
Frameworks scoped: MAS TRM · PDPA · PCI DSS · ISO/IEC 27001.
Sample engagement report
See what arrives in your inbox.
A pre-vetted sample report: full vulnerability narrative, working PoC, code-level fix guidance. Sent on request after a 5-minute scoping call.