Articles

An AWS security assessment evaluates the security posture of an AWS account, analysing the cloud resources contained in an account and their configuration. The goal of this assessment is to find any resources or vulnerabilities that can be maliciously utilised to compromise any services hosted in the AWS Account. Minimising these vulnerabilities will result in the hosted services being more resilient to attack and therefore adopting a stronger security posture.

In our previous article, we explored the benefits of adopting a multi-cloud architecture. In this article, we’ll deliver as promised some introductory architectures that can serve as your starting point for adopting a multi-cloud infrastructure.

Leveraging multi-cloud technologies and architectural patterns is becoming an increasingly important part of modern technology architecture. Whilst multi-cloud approaches offer numerous advantages, they also add complexity resulting in an expanded knowledge burden, additional access controls and an absence of replicable patterns.

If you are hosting applications on Amazon Web Services (AWS), it is important to consider the impact to AWS from your penetration testing. A key aspect of this consideration is determining whether what penetration testing can be safely conducted on the AWS platform without advanced permission and which testing should be abstained from without prior agreement.

Cloud penetration testing is a specialised form of penetration testing that focuses on identifying vulnerabilities in the infrastructure, configuration, and accessibility of cloud resources. Regular penetration testing is focused on testing an application directly by identifying vulnerabilities that malicious actors might exploit directly in the application.

However, when applications are hosted in the cloud, the security of the cloud infrastructure itself becomes crucial. Tools and services provided by the cloud environment play a key role in safeguarding applications, potentially nullifying application level vulnerabilities. At the same time, this cloud configuration introduces a level of complexity that is not usually present in traditional hosting environments.

Automated penetration testing differs from regular penetration testing by utilising a set of tools and services that continuously test applications to identify and exploit both new and old vulnerabilities. Most tools available in the cloud and application security space have some level of automation, with some tools operating entirely automatically, requiring a small number of initial commands and configuration. These automated tools handle various components of the testing process, such as discovery, identification, scanning, and simulated attacks.