Cloud Penetration Testing
How We Pentest your AWS, Azure, or GCP Account
At 2nd Sight Lab, we focus on helping you improve security - not just finding some obscure way to attack your systems. We do more than use a tool to scan your systems and generate an automated report. We do leverage tools and automation and have a set process for performing penetration tests on cloud accounts. By using the same approach each time, we can dive deeper faster and provide more value. We execute a combination of assessment and penetration activities to determine the overall security of your account and the applications running in it. We provide analysis of each finding to offer mitigation steps your team can use to fix the problem and additional resources for those who want to dive deeper.
Qualifications and Certifications
Teri Radichel, principal penetration tester, has three of the certifications recommended by PCI: GCIH, GPEN, GXPN, and is a SANS GSE. She also holds a certification in reverse engineering and teaches cloud penetration testing in the 2nd Sight Lab Cloud Security Architecture and Engineering class. She holds a Master of Software Engineering and a Master of Information Security Engineering, and has over 25 years of programming and security experience. Teri is also an AWS Hero and runs the Seattle AWS Architects & Engineers Meetup, which has close to 3,000 members. She is a member of InfraGard and formerly worked for companies like F5, Nordstrom, and Capital One, either as an employee or as a consultant. Teri was on the original team that helped Capital One move production workloads to the cloud. She is also an IANS Faculty Member, and the SANS Institute awarded her the SANS Difference Makers Award for her innovative work in cloud security. Teri hires only highly qualified contractors and partner penetration testing companies whom she knows personally to assist with penetration tests as required.
We perform the following activities during a pentest of your AWS, Azure, or GCP account:
- Web application testing to see if vulnerable applications provide access
- Assess cloud configuration in AWS, Azure, or GCP.
- Tests include some reverse engineering and limited code review
- Cloud architecture reviews are also available upon request and will require system documentation
- We perform fuzzing for maximum coverage since the time for testing is limited
Cloud Penetration Testing Process
- Tests are performed part-time at random times over a 3- to 4-week period
- The testing period is a defined period with a start and end date
- We perform tests from an AWS region, and network access must be available
- We test in non-production environments and can verify in production
- Rate limiting needs to be turned off for fuzzing to work
- Contacts must be available who can help restore access as needed
- We report in at whatever cadence the client desires
- We require the approval of a C-Level executive to perform the test
- Customers need to provide appropriate credentials and respond in a timely manner
The cloud penetration testing process is different due to the dynamic nature of ephemeral resources and the limitations cloud providers place on certain types of testing. Testers must understand cloud technologies and cloud provider-specific requirements related to scope. We request cloud credentials with a specific role, along with domain names, URLs, and an AWS account number instead of IP addresses. We test from dynamic IP addresses in an AWS region. We help customers understand the process further in the setup phase of the penetration test. We aim for coverage over stealth.
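One way a customer can provision the scoped role requested above, as an added example that is not 2nd Sight Lab's own code or process: the trust policy lets only the tester's AWS account assume the role, requires an agreed ExternalId, and only permits assumption between the engagement's start and end dates; a small checker flags trust policies that lack those controls. The account ID, ExternalId, and dates are constructed placeholders.

```python
from datetime import datetime

# Constructed placeholders for illustration, not real identifiers: the pentest
# firm's AWS account, the agreed secret ExternalId, and the engagement window.
TESTER_ACCOUNT_ID = "111111111111"
EXTERNAL_ID = "engagement-placeholder-id"
WINDOW_START = "2024-06-03T00:00:00Z"
WINDOW_END = "2024-06-28T23:59:59Z"


def build_pentest_trust_policy(tester_account_id, external_id, start, end):
    """Trust policy for the assessment role the customer creates.

    Only principals in the tester's account may assume it, they must present
    the agreed ExternalId, and sts:AssumeRole is refused outside the
    contracted testing window (aws:CurrentTime date conditions).
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{tester_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {"sts:ExternalId": external_id},
                "DateGreaterThan": {"aws:CurrentTime": start},
                "DateLessThan": {"aws:CurrentTime": end},
            },
        }],
    }


def _parse(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def trust_policy_findings(policy):
    """List what a defender should fix in a trust policy before granting access."""
    findings = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue  # only Allow statements for role assumption matter here
        principal = stmt.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append("principal is a wildcard: any AWS account could assume the role")
        cond = stmt.get("Condition", {})
        if "sts:ExternalId" not in cond.get("StringEquals", {}):
            findings.append("no sts:ExternalId condition (confused-deputy risk)")
        start = cond.get("DateGreaterThan", {}).get("aws:CurrentTime")
        end = cond.get("DateLessThan", {}).get("aws:CurrentTime")
        if not (start and end):
            findings.append("trust is not bounded to the engagement start/end dates")
        elif _parse(end) <= _parse(start):
            findings.append("engagement window end is not after its start")
    return findings
```

Delete the role, or shorten the DateLessThan bound, as soon as the engagement ends so the credentials cannot outlive the test.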
High-level penetration testing steps:
1. Define scope and rules of engagement with the customer
2. Setup and reconnaissance
3. Scan web applications, network, and cloud account
4. Validate findings with various tools
5. Report writing and delivery
Penetration Testing Report
Our reports include high-level and detailed prioritized findings, steps to reproduce,
recommended remediation, and additional resources related to each finding.
Request a Penetration Test
To request a penetration test, connect with Teri on LinkedIn or Twitter, or call 206.909.8374 to request a meeting to discuss further.