Small cause, big effect - how a cloud penetration test makes invisible risks visible

  1. A medium-sized company used AWS to manage its customer data and backups. At first glance, everything was configured securely: passwords were protected, access was regulated and backups were automated.

  2. During our penetration test, however, we discovered that an S3 bucket was publicly accessible. The cause was a single incorrect setting. This bucket contained daily generated database backups, including personal information.

  3. No special tools or active attacks were necessary. Simply calling up the URL was enough to download the files. The error was not known internally and was also not detected by the automated security checks used.

  4. A cloud penetration test helps to identify and eliminate such risks at an early stage before sensitive data is unintentionally made public or confidential information falls into the wrong hands.

What is a cloud penetration test?

A cloud penetration test is a targeted security check of your cloud infrastructure, for example in Microsoft Azure, Amazon Web Services (AWS) or Google Cloud Platform (GCP).

We analyze how your cloud services are configured, how identities and roles are managed and which authorizations are effective in which context. The aim is to realistically simulate typical attack paths, both from the perspective of an external attacker and from the perspective of a compromised account or service.

The cloud brings many advantages, but also new risks. Misconfigurations, overly broad authorizations, publicly accessible resources or forgotten access tokens are among the most common causes of security incidents in cloud environments.

A cloud penetration test helps you to identify these vulnerabilities at an early stage before they can be exploited by attackers. 

  • Securing your cloud infrastructure against internal & external attacks
  • Protecting sensitive data, services and identities
  • Reducing attack surfaces through targeted hardening
  • Supporting adherence to compliance requirements (e.g. ISO 27001, BSI, GDPR)

We examine your cloud environment holistically, tailored to the respective provider, architecture and usage scenario: 

  • Identity and authorization management (IAM)
    Overprivileged roles, open groups, rights inheritance, shadow admins
  • Cloud resource configuration
    S3 buckets, blob storage, databases, VMs, firewalls, security groups
  • Access & authentication mechanisms
    API keys, tokens, key management, missing MFA
  • Publicly accessible resources
    Open interfaces, test systems, unprotected web applications
  • Logging & Monitoring
    Missing audit logs, insufficient alerting, visibility gaps
  • Automation & DevOps pipelines
    CI/CD weaknesses, secrets in repositories, unsecured deployments

Copyright © 2023, Schönbrunn TASC GmbH

Cloud environments offer enormous flexibility, but it is precisely this complexity that often makes it difficult to detect security vulnerabilities at an early stage. Misconfigurations, overprivileged roles or publicly accessible services arise quickly and often go unnoticed.

We analyze your cloud infrastructure from the perspective of real attackers. We specifically check for typical weaknesses in identities, authorizations and cloud services, always with a focus on real risks and without interfering with your production systems. 

Scoping & target definition 

  • Joint definition of the test scope
  • Definition of the accounts, environments and cloud providers to be tested
  • Determination of the test methodology and relevant services 

Access analysis & visibility 

  • Analysis of identities, roles and policies
  • Audit of publicly accessible endpoints and access paths
  • Assessment of IAM configurations and possible visibility gaps 

Manual vulnerability analysis & rights check 

  • Simulation of internal and external attackers
  • Analysis of misconfigurations, overreaching authorizations and escalation paths
  • Focus on realistic attack scenarios (e.g. privilege escalation) 

Verification & risk assessment 

  • No pure scans - in-depth manual review of exploitability
  • Evaluation of technical and business impact of each vulnerability
  • Prioritization by actual risk 

Report & final meeting 

  • Executive summary
  • Technical report incl. risk classification (CVSS)
  • Recommendations for immediate measures & sustainable improvements
  • On request: Joint final meeting & post-test to confirm closed gaps