Protect your Coud Infrastructure!
Due to the increasing complexity of cloud infrastructures, many services are incorrectly configured. We help you identify and eliminate misconfigurations and their effects.

Protect your Coud Infrastructure!

Due to the increasing complexity of cloud infrastructures, many services are incorrectly configured. We help you identify and eliminate misconfigurations and their effects.

What is a Cloud Security Assessment?

In a Cloud Security Assessment, a cloud infrastructure is analyzed and evaluated. The various configurations in terms of identity and user rights differ greatly from traditional infrastructure. Our procedures are specifically designed to meet these needs and effectively identify the configuration and implementation errors. Any security issues dentified are presented to the customer together with an impact assessment, a risk elimination proposal or a technical solution.

Cloud Security Assessment

Penetration Test for Cloud Configurations

Pentests for cloud configurations are planned, performed and evaluated by our specially trained security engineers according to recognized IT security standards.

  • Free certification as proof for your customers
  • Business risk analysis and management summary for the management
  • One-time verification free of charge
  • Comprehensive recommendation for the elimination of configuration and implementation errors

Our experienced security engineers uncover errors in configurations before a real hacker can exploit them. Reduce remediation costs and network downtime. We conduct audits according to the OWASP Cloud Security Guide.

The final report allows your company to develop efficient security measures. We are happy to audit the cloud infrastructure at regular intervals, as the constant changes in the system should be continuously monitored.

We offer our services in various complexities and recognized standards in close consultation with our clients.

Range of Offers for Cloud Services

We offer Cloud Security Assessment for the following cloud vendors.

Amazon Web Services

One of the strongest features of AWS is the immense flexibility it offers the user in setting up the environment. This flexibility is great, but it also poses a major security problem.

Google Cloud Platform

GCP offers a model of shared responsibility where the customer is responsible for security, such as server configuration, privileges granted in your environment and implementations.

Microsoft Azure

Azure is equipped with a number of safety features for experienced users. While this is a good start, it is the responsibility of each user to maintain stability and security.

Other useful services in the context of a Cloud Security Assessment arePentests or Adversary Simulations.

Cloud Analysis Report

We have developed a comprehensive reporting format that provides optimal insight into our work and its results.

  • Our detailed reporting format not only shows which vulnerabilities were identified during the pentest, but also which attack vectors were checked. This allows you to understand our work in an optimal way.
  • The final report is individually created and delivered both as a classic PDF document and in a special HTML format. In the dynamic HTML format, content and vulnerability findings can be filtered, sorted and exported to other formats.
  • In a joint final meeting, we discuss the details of the report with you and, if necessary, support you in eliminating the identified weaknesses.


Companies that trust our professional competence.

  • Frederik Vollert
    Frederik Vollert
    Managing Director & Co-Founder of Phrase

    turingpoint conducted a web penetration test on the website and API as an external system audit as part of our Information Security Management System. The team conducted the tests in a highly professional manner, identifying a number of potentially malicious exploits and security enhancements through libraries, the application of security protocols and the browser level. The report helped us identify current strengths and weaknesses in our security architecture and resulted in changes to our code base to minimize security weaknesses. We look forward to our next penetration test with turingpoint!

  • David Holetzeck
    Dr. med. Christoph Twesten
    Founder / CTO – MillionFriends

    Perfood GmbH address several diseases and predeseases with digital therapeutics. The portfolio includes medical products and DIGAs (digital health application under the German Healthcare Act). IT Security is a very important aspect of our business. In April 2020 turingpoint conducted a penetration-test on the API of our backend as an external system audit as part of the certification process for one of our medical products. In July 2020 we consulted turingpoint for a global Cybersecurity audit including our mobile app, backend, website and aspects of IT security in our office in Lübeck. The team conducted the tests in a very professional way and was a great help in finding potential threats and optimize the security of our system. Turingpoint also reviewed the architecture of our backend setup and helped us to design this critical part of our infrastructure in the most secure way. We are very satisfied with the results and looking forward to our next project together!

  • David Holetzeck
    David Holetzeck
    CEO – Table of Visions

    Our expectations regarding quality, customer service and the execution of the penetration test and the hosting security check were exceeded and we can recommend the team of turingpoint GmbH without any restrictions. If you are looking for a service provider who prepares documents in such a way that everyone can understand them and provides advice on how to solve problems, turingpoint is the right partner for you.

  • Phrase
  • MillionFriends
  • Billomat
  • Speechagain
  • dWERK
  • Table of Visions
  • micro-biolytics GmbH
  • Digital Health Factory
  • M2P
  • Laufenberg
  • Perfood
  • RocketBeans
  • Mevaco

Certificates & Partner

We maintain a network for active exchange of knowledge and assistance.

  • OSCP
  • Portswigger
  • Tenable
  • rapid7
  • Security made in Germany
  • Allianz für Cyber-Sicherheit

Curious? Convinced? Interested?

Arrange a non-binding initial meeting with one of our sales representatives. Use the following link to select an appointment:

 Arrange a meeting