AWS Security Assessment
One of the strongest features of AWS is the immense flexibility it offers the user in setting up the environment. This flexibility is great, but it also poses a major security problem.

AWS Security Assessment

One of the strongest features of AWS is the immense flexibility it offers the user in setting up the environment. This flexibility is great, but it also poses a major security problem.

What is a AWS Security Assessment?

The Amazon Web Services, or AWS, Security Assessment provides your organization with a security analysis of the effectiveness of the AWS configuration. Here, the AWS architecture and its powerful APIs are analyzed using the methods of a real attacker. Deeply integrated into the AWS ecosystem, our security engineers test for a number of AWS-specific misconfigurations, permissions and implementation flaws. As the basis for secure applications and communication, the cloud infrastructure must not be neglected. Advanced knowledge of server operating systems, transport encryption and infrastructure configuration enables our security engineers to efficiently analyze AWS configurations.

Penetration Test for AWS Configurations

The pentest for AWS configurations is planned, performed and evaluated by our specially trained security engineers according to recognized standards.

We protect your AWS cloud from misconfiguration!
  • Compliance with industry safety standards with certification for the customer
  • We test IAM permissions for exploitable misconfigurations, the access keys for EC2 user accounts, AWS privileges for IAM misconfigurations, lambda functions and bypassing CloudTrail.
  • Extensive research ensures that even daily weaknesses can be identified.
We carry out safety analyses based on recognised standards and guidelines.
  • Our processes are adapted to the practical guidelines of the Federal Office for Information Security (BSI).
  • We have developed a comprehensive final report that provides an optimal insight into our work and its results. Audits are conducted and evaluated according to the OWASP Cloud Security Guide. An alignment with OSSTMM and PCIDSS is also possible on request.

Scope of Amazon Web Services Testing

In principle, the longer our security engineers examine your configuration, the more meaningful the results are. If you have special requirements, we will be happy to make you an individual offer.

  • IAM

    The purpose of this category is to analyze permissions for privilege escalation paths, through services such as Lambda, EC2, etc., and check for incorrectly configured roles and access attempts.

  • EC2/VPC

    The purpose of this category is to enumerate instances, security groups and AMIs for performing EC2 attacks. In addition, the misuse of the Simple Systems Manager for remote access to instances is tested and an analysis of EC2 user data for system credentials is created.

  • S3

    This category covers checking for incorrectly configured buckets by unauthenticated access. After authentication, access to S3 buckets for sensitive files and data can be checked and the use of existing S3 buckets for exfiltration of data or for further attacks can be checked.

  • RDS

    The goal of this category is to ensure that the rules of the security group for access to RDS databases cannot be bypassed. Additionally, RDS authentication is verified by copying backups and changing the RDS password. Finally, it is checked whether exfiltration of RDS data through the C2 channel across accounts is possible.

  • CloudTrail

    The requirements in this category are intended to ensure that different methods of avoiding detection and covering up traces are recognised. In addition, logs are analysed to get a better idea of the AWS ecosystem.

  • Lambda

    The goal of this category is to ensure that the code and configuration do not contain sensitive information. It also tests privilege escalation through Lambda IAM roles and SDKs. Finally, a data exfiltration by modifying data processing functions is simulated.

Cloud Security Assessment

Curious? Convinced? Interested?

Arrange a non-binding initial meeting with one of our sales representatives. Use the following link to select an appointment:

 Arrange a meeting

Loading...