UPCOMING IN-PERSON EVENTS: The Schellman team will be around the country at events the week of June 5th

Services
Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Learning Center
Learning Center
Articles
Articles
Whitepapers
Whitepapers
Case Studies
Case Studies
Events & Live Webinars
Events & Live Webinars
On-Demand Webinars
On-Demand Webinars
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility

Cloud Penetration Testing

A cloud penetration test focuses on your cloud environment and any services hosted within Amazon Web Service (AWS), Google Cloud Platform (GCP), Microsoft Azure, Oracle Cloud Infrastructure (OCI), and other providers.

Contact a Specialist Read More About Schellman's Approach

A Cloud Penetration Test Can Help You:

Schellman’s Cloud Penetration Testing Methodology

While this test type does include common pen test attack vectors, it also involves techniques unique to cloud environments such as the exploitation of misconfigured serverless components and privilege escalation paths within native cloud services. 

Our cloud penetration testing methodology involves the following steps:

1. Provision (Seed) Initial Access:  With your help, we’ll create users, or API keys that have the same rights as a standard employee, developer, or an account with read-only access to the environment to be tested.

2. Identify Best Practices:  Then, we’ll identify common best practices that are abused by attackers. (NOTE: Despite our efforts, this phase will likely not identify as many best practice-related items as might be found during an audit due to the latter’s focus on manual processes and review.)

3. Privilege Escalation:  Finally, we’ll begin searching through accessible services (e.g., compute, storage, IAM, etc.) in your cloud environment and identify credentials and misconfigurations that might help us gain additional access beyond that which has been granted. Each time we gain access to a new principal or service within the cloud environment we’ll pinpoint just how much new access to resources was obtained and how these resources can be abused further to gain additional access and/or compromise your additional resources. 

Is Schellman the Right Firm for You?

Schellman does perform cloud penetration testing—our Penetration Testing Team continues to grow and is currently comprised of individuals from different backgrounds including former developers, system administrators, and lifelong security professionals. Our team is incredibly experienced, and collectively holds the following professional certifications, among others: 

Frequently Asked Questions

How long will a cloud penetration test take?

What does a cloud penetration test cost at Schellman?

What’s the difference between a cloud penetration test and a web application or network penetration test?

How do you get access to my cloud environment?

Why does testing begin from an authenticated account?

Get started with your cloud penetration testing

Our team of practice leaders, not sales, are ready to talk and help determine your best next steps.

Start Scoping Your Penetration Test Contact a Specialist