HOW IT WORKS

1 INFORMATION GATHERING

We understand customer requirement, working of the IT asset deployed on cloud (IaaS, SaaS, PaaS etc) and use case of the cloud deployment.

2 PLANNING AND ANALYSIS

Based on the information collected we devise a full scale “Red Team” approach to mimic real time attacks. To minimise impact we plan the attack, either on dummy environment or during times of lowest network activity (lowest traffic).

3 VULNERABILITY ASSESSMENT

We analyse the cloud configuration, security controls, access levels and the type of instance. Based on this, we design the attack plan and risk assessment strategy.

4 PENETRATION TESTING

Here we run exploits on the cloud to evaluate its security. We use custom scripts, open source exploits, in-house tools and third-party exploit frameworks to achieve high degree of penetration. Based on factors like vendor, type of cloud instance, requirement of IT asset, we exploit the vulnerabilities present and generate PoCs.

5 REPORTING

We generate concise and succinct reports of the vulnerabilities discovered along with discussion on the nature of vulnerability, its impact, threat level and recommendation to remove the vulnerability.

6 DISCUSSION

Our technical experts discuss the report, along with the bugs found, and their impact scenario with the development team of the client. We also suggest third party tools to improve the security of the cloud deployment.

ADVANTAGES

  • Comprehensive risk assessment of the cloud infrastructure.
  • Remove possibilities of data breaches and hacks due to misconfigured instances.
  • Improve security of the instance by integrating compatible third-party security tools.
  • Implement additional security modules like encryption, 2-Factor Authentication and access level separation.