Cloud infrastructure audits

Cloud infrastructure penetration tests

An increasing number of companies rely on cloud-based environments because of the advantages of cloud computing (cost, speed, performance). But these advantages usually come with potential vulnerabilities, which makes securing cloud-based infrastructures and applications even more important.

Indeed, despite the security measures put in place by the provider, server configuration and privilege management are the responsibility of the user, which can lead to several security flaws. Penetration tests are used to validate the security of these environments. We are able to perform audits on various cloud infrastructures to assess their level of permeability and security.

This may involve environments such as IaaS (Infrastructure as a Service), PaaS (Platform as a Service), or SaaS (Software as a Service), on platforms such as Microsoft Azure, Amazon's AWS platform, or Google Cloud.

Amazon Web Services (AWS)

Our auditors test a series of configuration parameters related to intrusion scenarios in order to confirm or rule out the existence of concrete threats. These scenarios include:

  • EC2 instance exploitation
  • Audit of the configuration of S3 buckets
  • Exploitation related to vulnerable Lambda functions
  • Privilege management audit
  • Compromise of EC2 keys

Microsoft Azure

Our auditors test a series of configuration parameters related to intrusion scenarios in order to confirm or rule out the existence of concrete threats. These tests can notably cover all products in the "Microsoft Cloud" range (Azure Active Directory, Microsoft Intune, Microsoft Azure, Microsoft Dynamics 365, Microsoft Account, Office 365, Azure DevOps). The tests can focus on:

  • Tests on the endpoints for the OWASP Top 10 vulnerabilities
  • Port scanning
  • Endpoint fuzzing
  • Log compromise

Google Cloud

Our auditors test a series of configuration parameters related to intrusion scenarios in order to confirm or rule out the existence of concrete threats. These scenarios include:

  • Checking for privilege escalation from a standard user of the environment, and the delimitation of rights and resources
  • Audit of privilege management and access control: verification of the least privilege principle
  • Inter-user/inter-project privilege escalation
  • Attempt to exploit Kubernetes and audit of its configuration
  • Perimeter exposure check
  • Cloud Functions configuration audit
  • Pivoting between cloud environments by exploiting inter-cloud permissions
