The Amazon Web Services, or AWS, Security Assessment provides your organization with a security analysis of the effectiveness of the AWS configuration. Here, the AWS architecture and its powerful APIs are analyzed using the methods of a real attacker. Deeply integrated into the AWS ecosystem, our security engineers test for a number of AWS-specific misconfigurations, permissions and implementation flaws. As the basis for secure applications and communication, the cloud infrastructure must not be neglected. Advanced knowledge of server operating systems, transport encryption and infrastructure configuration enables our security engineers to efficiently analyze AWS configurations.
The AWS Security Assessment is planned, carried out and evaluated by our specially trained security engineers according to recognised standards.
In principle, the longer our security engineers examine your configuration, the more meaningful the results are. If you have special requirements, we will be happy to make you an individual offer.
The purpose of this category is to analyze permissions for privilege escalation paths through services such as Lambda and EC2, and to check for incorrectly configured roles and access attempts.
The purpose of this category is to enumerate instances, security groups and AMIs for performing EC2 attacks. In addition, the misuse of the Simple Systems Manager for remote access to instances is tested, and EC2 user data is analyzed for system credentials.
This category covers checking for incorrectly configured buckets through unauthenticated access. After authentication, S3 buckets can be checked for access to sensitive files and data, and for whether existing S3 buckets can be used for exfiltration of data or for further attacks.
The goal of this category is to ensure that the security group rules for access to RDS databases cannot be bypassed. Additionally, RDS authentication is verified by copying backups and changing the RDS password. Finally, the assessment checks whether RDS data can be exfiltrated across accounts through the C2 channel.
The requirements in this category are intended to ensure that different methods of avoiding detection and covering up traces are recognised. In addition, logs are analysed to get a better idea of the AWS ecosystem.
The goal of this category is to ensure that the code and configuration do not contain sensitive information. It also tests privilege escalation through Lambda IAM roles and SDKs. Finally, data exfiltration by modifying data processing functions is simulated.