Cloud Penetration Testing

Cloud Penetration Testing

Whether it is Infrastructure as a Services (IaaS), or Software as a Service (Saas), Nettitude’s consultants are experienced in testing and security all types of environments.

As we continue to see more services migrating to the cloud, so the need for cloud security testing increases. Nettitude delivers cloud based penetration testing for cloud service providers as well for the clients that use these services.

Looking for cloud penetration testing services?

Our Cloud Penetration Testers Experience

Nettitude has had experience is testing many of the larger cloud based environments including Amazon’s EC2 environment, rackspace managed cloud and Microsoft’s azure platform. In addition, the methodologies and approaches gained within these environments give us the insight on how to test other cloud based services.

Similarly, for software houses and development companies that are publishing their applications in to the cloud, Nettitude has a range of services that provide systems assurance for these offerings.

Nettitude has an intricate understanding of many of the shared technologies that are implemented to deliver cloud based services. In addition to this, Nettitude has extensive experience in identifying some of the vulnerabilities that can be created by these types of environments. As a consequence of this, Nettitude is able to deliver highly effective testing strategies for all types of public and private cloud infrastructures.

Nettitude’s Cloud Security Testing Methodology

Nettitude has a defined security testing methodology that applies to testing IaaS, PaaS and SaaS environment. This methodology combines many of the steps found in our standard penetration Testing methodology with our Web Application Security Testing methodology. In addition, Nettitude provides an additional level of assessment across the hypervisor layer. Through white box and grey box assessments it is possible to conduct penetration tests within the cloud security building blocks. Depending on the environment, this can involve uploading proprietary scripts and binaries to undertake assessment or even uploading virtual images for assessment to be conducted from within.

Due to the fact that cloud testing is most frequently conducted against shared services, it is usual practice for Nettitude to contact the cloud service provider prior to conducting the tests. In some instances, a cloud provider authorisation document is required to define testing windows and the scope of assessment that is authorised. Nettitude’s security team is able to guide you through this cloud testing authorisation process.

Intelligent Cyber Security and Risk Management   0345 5200 085    solutions@nettitude.co.uk