We understand customer requirement, working of the IT asset deployed on cloud (IaaS, SaaS, PaaS etc) and use case of the cloud deployment.
Based on the information collected we devise a full scale “Red Team” approach to mimic real time attacks. To minimise impact we plan the attack, either on dummy environment or during times of lowest network activity (lowest traffic).
We analyse the cloud configuration, security controls, access levels and the type of instance. Based on this, we design the attack plan and risk assessment strategy.
Here we run exploits on the cloud to evaluate its security. We use custom scripts, open source exploits, in-house tools and third-party exploit frameworks to achieve high degree of penetration. Based on factors like vendor, type of cloud instance, requirement of IT asset, we exploit the vulnerabilities present and generate PoCs.
We generate concise and succinct reports of the vulnerabilities discovered along with discussion on the nature of vulnerability, its impact, threat level and recommendation to remove the vulnerability.
Our technical experts discuss the report, along with the bugs found, and their impact scenario with the development team of the client. We also suggest third party tools to improve the security of the cloud deployment.