- API Penetration Testing

Cloud Penetration Testing

AWS, Azure, GCP and AliCloud
What is Cloud Penetration Testing?

Cloud penetration testing is a strong mix of configuration reviews, attack surface assessment, and cloud adversary emulation to cover all possible vectors of attack.
A. Configuration Analysis
We discover cloud security misconfigurations highlighting critical cloud security gaps, for example:
  1. User and identity management
  2. Weak service control policies
  3. Poor secrets management practices
  4. Open S3 buckets
  5. Open VPC
  6. Switched off logging and detection controls (CloudTrail, GuardDuty)
B. Cloud Adversary Emulation
We emulate determined and well-versed with cloud adversary by performing brute force of your S3 buckets and black-box scanning of your cloud networks
C. Leaked Credentials Discovery
We research public software repositories for leaked AWS access keys in the case corresponding AWS policy was not enabled and there is a risk a key was compromised

How We Differ

We maintain laser focus on API Penetration Testing and related disciplines
Digital Experience
We provide Customer Portal access with all findings and recommendation for each customer - the portal could be connected to customers' systems like Jira
We employ experts with 5+ years of experience delivered security assesments for UK, EU, US, Hong Kong and Israeli companies