
Cloud Penetration Testing

Assess and strengthen the security of your cloud environments (AWS, Azure, GCP, etc.) and all their components.

What is Cloud Penetration Testing?

A cloud penetration test assesses the security of your cloud infrastructure. Testing can cover AWS, Microsoft Azure or Google Cloud Platform (GCP) environments, as well as their managed services, including instances, storage, databases, serverless functions and Kubernetes clusters.

The assessment focuses on identifying configuration errors, excessive permissions and misconfigured or overly permissive roles, as well as the unintended exposure of services such as APIs, administration consoles or public storage.

At the end of the assessment, you will receive a clear, prioritised report detailing the vulnerabilities identified, exploitation scenarios and their impact on the overall security of your cloud environment. Tailored recommendations help you strengthen your security posture over time. Our auditors can also perform a retesting phase to confirm the effectiveness of the fixes implemented.


Our Technical Expertise in Cloud Penetration Testing

Our auditors perform cloud penetration tests in highly complex environments, whether on AWS, Azure or GCP. Our approach adapts to your architectural choices, whether it's a full cloud deployment, a hybrid environment or an interconnection with an on-premises information system.

AWS Penetration Testing

Audit of IAM policies and access management

  • Identification of overly broad or generic permissions
  • Control of roles attached to instances and their restrictions
  • Search for persistent, unused or exposed access keys
  • Verification of the presence and configuration of MFA (Multi-Factor Authentication)
  • Analysis of combinations of rights that could lead to privilege escalation

Analysis of key service configurations

  • Search for public, exposed or misconfigured S3 buckets
  • Control of managed service security
  • Identification of secrets stored in environment variables, scripts or metadata 

Authentication, segmentation and pivoting tests

  • Privilege escalation tests
  • Verification of inter-account trust relationships
  • Search for pivoting paths between AWS roles, instances or accounts
  • Simulation of unauthorised access from a compromised instance

Verification of AWS security best practices

  • Verification of EBS volume and sensitive data encryption
  • Control of secret management via AWS Secrets Manager
  • Verification of access key rotation and revocation
  • Analysis of log quality and monitoring mechanisms
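The IAM checks listed above (overly broad or wildcard permissions, combinations of rights that enable privilege escalation, and stale or never-used access keys) can be expressed as policy-document analysis. The script below is an added illustration, not Vaadata's tooling or any AWS-provided code: it runs offline over a constructed policy document and constructed access-key metadata that mirror the shape of what IAM returns, and the key IDs and dates are placeholders. Among other rules, it treats iam:PassRole granted alongside ec2:RunInstances, lambda:CreateFunction or cloudformation:CreateStack as an escalation path to report.

```python
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase

# Actions that, together with iam:PassRole, let a principal hand a role to a new
# workload; the review reports the combination as a privilege-escalation path.
PASSROLE_PARTNERS = {"ec2:RunInstances", "lambda:CreateFunction", "cloudformation:CreateStack"}
READ_ONLY_PREFIXES = ("describe", "get", "list")

def _as_list(value):
    """IAM accepts either a string or a list in Action, NotAction and Resource."""
    return [] if value is None else (value if isinstance(value, list) else [value])

def _matches(action, patterns):
    # IAM action names match case-insensitively; '*' and '?' are wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def action_allowed(statements, action):
    """True if some Allow statement grants `action`. Deny statements are ignored on
    purpose: a permissions review asks what an identity could do, not the final verdict."""
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            if not _matches(action, _as_list(stmt["NotAction"])):
                return True
        elif _matches(action, _as_list(stmt.get("Action"))):
            return True
    return False

def analyze_policy(document):
    """Return (sid, severity, issue) findings for one IAM identity policy document."""
    findings = []
    statements = _as_list(document.get("Statement"))
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        verbs = [a.partition(":")[2].lower() for a in actions]
        if "NotAction" in stmt:
            findings.append((sid, "high", "Allow with NotAction grants every action not listed"))
        if "*" in actions and "*" in resources:
            findings.append((sid, "critical", "full administrative access (Action * on Resource *)"))
            continue
        for action, verb in zip(actions, verbs):
            if action == "*" or verb == "*":
                findings.append((sid, "high", f"service-wide wildcard action {action}"))
        # Resource * is routine for read-only Describe/Get/List actions; flag it only
        # when the statement can change something and carries no Condition.
        if "*" in resources and not stmt.get("Condition") \
                and not all(v.startswith(READ_ONLY_PREFIXES) for v in verbs):
            findings.append((sid, "medium", "Resource * on modifying actions without a Condition"))
    if action_allowed(statements, "iam:PassRole"):
        partners = sorted(a for a in PASSROLE_PARTNERS if action_allowed(statements, a))
        if partners:
            findings.append(("<policy>", "high", "iam:PassRole combined with "
                             + ", ".join(partners) + " (privilege-escalation path)"))
    return findings

def stale_access_keys(keys, now, max_age_days=90, max_idle_days=30):
    """Active keys older than max_age_days, or idle longer than max_idle_days. Each key
    carries AccessKeyId, Status, CreateDate and LastUsedDate (None if never used)."""
    flagged = []
    for key in keys:
        if key["Status"] != "Active":
            continue
        age = now - key["CreateDate"]
        if age > timedelta(days=max_age_days):
            flagged.append((key["AccessKeyId"], f"not rotated for {age.days} days"))
        last_used = key.get("LastUsedDate")
        idle = now - (last_used or key["CreateDate"])
        if idle > timedelta(days=max_idle_days):
            flagged.append((key["AccessKeyId"], "never used" if last_used is None else f"idle for {idle.days} days"))
    return flagged

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_POLICY = {  # constructed policy, not taken from any real account
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadBuckets", "Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::app-data/*"},
        {"Sid": "DeployLambda", "Effect": "Allow", "Action": ["lambda:CreateFunction", "iam:PassRole"],
         "Resource": "*"},
        {"Sid": "ManageUsers", "Effect": "Allow", "Action": "iam:*", "Resource": "*"},
    ],
}
SAMPLE_KEYS = [  # constructed key metadata; the IDs are placeholders
    {"AccessKeyId": "AKIAEXAMPLE000000001", "Status": "Active",
     "CreateDate": NOW - timedelta(days=400), "LastUsedDate": NOW - timedelta(days=2)},
    {"AccessKeyId": "AKIAEXAMPLE000000002", "Status": "Active",
     "CreateDate": NOW - timedelta(days=45), "LastUsedDate": None},
    {"AccessKeyId": "AKIAEXAMPLE000000003", "Status": "Inactive",
     "CreateDate": NOW - timedelta(days=900), "LastUsedDate": None},
]

if __name__ == "__main__":
    for finding in analyze_policy(SAMPLE_POLICY) + stale_access_keys(SAMPLE_KEYS, NOW):
        print(finding)
```

On the constructed policy the script reports the ManageUsers statement for its iam:* wildcard, both modifying statements for an unconditioned Resource *, and the policy as a whole because iam:PassRole and lambda:CreateFunction are granted together; the ReadBuckets statement is left alone. In a real review the same functions would be fed the documents returned by the IAM API for each user, group and role, and the key check would read the key creation and last-used dates from the same source.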

Azure Penetration Testing

Audit of roles and permissions (RBAC)

  • Identification of excessive roles (Owner, Contributor) assigned to critical resources
  • Verification of role delegation and inheritance within groups
  • Analysis of accumulated permissions that could lead to widespread compromise

Analysis of Azure Active Directory (Azure AD)

  • Control of user, group, and administrative role configurations
  • Security assessment of app registrations and associated application secrets
  • Search for risks of unauthorised access via Microsoft Graph API or application impersonation

Secret security and Azure Key Vault

  • Verification of access to secrets and certificates stored in Azure Key Vault
  • Analysis of permissions and access policies associated with vaults
  • Identification of risks of silent compromise via exposed or shared secrets

Verification of network configuration and Azure resources

  • Control of Network Security Group (NSG) security rules
  • Assessment of inter-network connections and public exposure points
  • Search for misconfigurations in managed services
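Reviewing Network Security Group rules means more than scanning for 0.0.0.0/0: Azure evaluates inbound rules in priority order (lowest number first), the first match decides, and the built-in DenyAllInBound rule at priority 65500 catches the rest, so a broad Allow can be neutralised by a Deny above it or left wide open by nothing. The following added example is not Vaadata's tooling or Azure-provided code; it runs offline over a constructed rule set that mirrors the fields of an NSG security rule, assumes the probe source 203.0.113.10 stands in for any public address (so the "*" and Internet prefixes match it and other service tags do not), and places the weak rule set beside a corrected one. The same evaluation applies, with different field names, to the GCP VPC firewall audit further down the page.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM over HTTPS"}
PROBE_IP = "203.0.113.10"  # documentation address used as "an arbitrary public source"

def _as_list(value):
    return [] if value is None else (value if isinstance(value, list) else [value])

def _port_in_range(port, spec):
    """spec is a single port, "low-high" or "*", as in destinationPortRange(s)."""
    if spec == "*":
        return True
    if "-" in spec:
        low, high = spec.split("-")
        return int(low) <= port <= int(high)
    return int(spec) == port

def _source_matches(source_ip, prefix):
    # Assumption: the source is public, so "*" and the Internet service tag match
    # it, while other service tags (VirtualNetwork, AzureLoadBalancer, ...) do not.
    if prefix in ("*", "Internet"):
        return True
    try:
        return ipaddress.ip_address(source_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False

def effective_decision(rules, source_ip, port, protocol="Tcp"):
    """Walk inbound rules from the lowest priority number upward and return
    (access, rule name) of the first match; Azure's default DenyAllInBound applies otherwise."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound":
            continue
        if rule["protocol"].lower() not in ("*", protocol.lower()):
            continue
        ports = _as_list(rule.get("destinationPortRange")) + _as_list(rule.get("destinationPortRanges"))
        if not any(_port_in_range(port, p) for p in ports):
            continue
        sources = _as_list(rule.get("sourceAddressPrefix")) + _as_list(rule.get("sourceAddressPrefixes"))
        if not any(_source_matches(source_ip, s) for s in sources):
            continue
        return rule["access"], rule["name"]
    return "Deny", "DenyAllInBound"

def internet_exposed_admin_ports(rules):
    """Administrative ports a public source can reach, with the rule that allows each one."""
    exposed = []
    for port, service in ADMIN_PORTS.items():
        access, name = effective_decision(rules, PROBE_IP, port)
        if access == "Allow":
            exposed.append((port, service, name))
    return exposed

# Constructed rule set: a scoped SSH allow, an explicit RDP deny, a web allow,
# and a catch-all management rule that is the real problem.
SAMPLE_NSG = [
    {"name": "AllowSSHFromBastion", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "10.0.1.0/24", "destinationPortRange": "22"},
    {"name": "DenyRDPInternet", "priority": 200, "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "3389"},
    {"name": "AllowWebAny", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRanges": ["80", "443"]},
    {"name": "AllowMgmtAny", "priority": 400, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "1-65535"},
]
# Corrected version: the management rule is restricted to a (constructed) VPN range.
HARDENED_NSG = SAMPLE_NSG[:3] + [dict(SAMPLE_NSG[3], sourceAddressPrefix="10.0.2.0/24")]

if __name__ == "__main__":
    print("weak:", internet_exposed_admin_ports(SAMPLE_NSG))
    print("hardened:", internet_exposed_admin_ports(HARDENED_NSG))
```

On the weak rule set RDP is reported as closed because the explicit Deny at priority 200 wins over the catch-all at 400, while SSH and WinRM are reported as open through AllowMgmtAny; restricting that one rule's source prefix empties the list.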

GCP Penetration Testing

IAM audit and access management

  • Identification of overly permissive roles
  • Verification of service account management and associated permissions
  • Search for inherited rights allowing privilege escalation

Service account analysis

  • Search for private keys exposed in code repositories, buckets or configurations
  • Assessment of service account permissions and their scope of action
  • Identification of risks of silent authentication and uncontrolled access to resources

Storage security

  • Search for public, exposed or misconfigured Cloud Storage buckets
  • Control of read and write permissions on sensitive storage
  • Verification of the presence of logs and access control mechanisms

Network configuration and segmentation

  • Audit of VPCs, firewall rules and network interconnections
  • Search for exposed internal services (SSH, RDP, administration APIs)
  • Verification of unsecured inter-project or inter-environment access
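Three of the GCP checks above, public Cloud Storage bindings, project-level roles broad enough to reach every service account, and service-account key files left in repositories, can be run over IAM policy documents and file contents without touching the project. The script below is an added example, not Vaadata's tooling or Google-provided code; the bucket policy, project policy and key file are constructed to mirror the bindings/members shape of a GCP IAM policy and the layout of a downloaded key file (its PEM body is a placeholder, not key material), and the project and account names are invented.

```python
import json
import re

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Storage roles that allow writing to or administering the bucket, not only reading it.
WRITE_ROLES = {"roles/storage.objectCreator", "roles/storage.objectAdmin", "roles/storage.admin",
               "roles/storage.legacyBucketWriter", "roles/storage.legacyBucketOwner"}
# Project-level roles that reach every service account in the project, either outright
# (owner/editor) or by acting as, or minting tokens for, any of them.
BROAD_PROJECT_ROLES = {"roles/owner": "critical", "roles/editor": "high",
                       "roles/iam.serviceAccountUser": "high",
                       "roles/iam.serviceAccountTokenCreator": "high"}
SA_KEY_MARKER = re.compile(r'"type"\s*:\s*"service_account"')

def public_bucket_findings(bucket, policy):
    """Bindings that expose `bucket` to everyone; write-capable roles rank above read-only ones.
    Conditional bindings are reported too, flagged so the condition can be reviewed by hand."""
    findings = []
    for binding in policy.get("bindings", []):
        public = sorted(PUBLIC_MEMBERS & set(binding.get("members", [])))
        if not public:
            continue
        severity = "critical" if binding["role"] in WRITE_ROLES else "high"
        findings.append({"bucket": bucket, "role": binding["role"], "members": public,
                         "severity": severity, "conditional": "condition" in binding})
    return findings

def broad_project_bindings(policy):
    """Members holding one of BROAD_PROJECT_ROLES on the project, with the member type
    (user, group, serviceAccount, ...) so service accounts can be reviewed first."""
    hits = []
    for binding in policy.get("bindings", []):
        severity = BROAD_PROJECT_ROLES.get(binding["role"])
        if severity is None:
            continue
        for member in binding.get("members", []):
            kind = member.split(":", 1)[0] if ":" in member else member
            hits.append({"member": member, "kind": kind, "role": binding["role"], "severity": severity})
    return hits

def looks_like_service_account_key(text):
    """True if `text` has the fingerprint of a downloaded service-account key file:
    a JSON object of type service_account whose private_key field is a PEM block."""
    if not SA_KEY_MARKER.search(text):
        return False
    try:
        doc = json.loads(text)
    except ValueError:
        return False
    return doc.get("type") == "service_account" and \
        "-----BEGIN PRIVATE KEY-----" in doc.get("private_key", "")

SAMPLE_BUCKET_POLICY = {  # constructed
    "version": 3,
    "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/storage.objectAdmin",
         "members": ["serviceAccount:uploader@demo-project.iam.gserviceaccount.com", "allAuthenticatedUsers"]},
        {"role": "roles/storage.legacyBucketReader", "members": ["group:analysts@example.com"]},
    ],
}
SAMPLE_PROJECT_POLICY = {  # constructed
    "version": 1,
    "bindings": [
        {"role": "roles/owner", "members": ["user:alice@example.com"]},
        {"role": "roles/editor", "members": ["serviceAccount:ci-runner@demo-project.iam.gserviceaccount.com"]},
        {"role": "roles/iam.serviceAccountUser", "members": ["group:developers@example.com"]},
        {"role": "roles/viewer", "members": ["user:bob@example.com"]},
    ],
}
SAMPLE_KEY_FILE = json.dumps({  # constructed; the PEM body is a placeholder, not a key
    "type": "service_account", "project_id": "demo-project",
    "client_email": "ci-runner@demo-project.iam.gserviceaccount.com",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
})

if __name__ == "__main__":
    for f in public_bucket_findings("demo-assets", SAMPLE_BUCKET_POLICY):
        print(f)
    for h in broad_project_bindings(SAMPLE_PROJECT_POLICY):
        print(h)
    print("key file detected:", looks_like_service_account_key(SAMPLE_KEY_FILE))
```

Note that bucket IAM is only half of the storage picture: a bucket without uniform bucket-level access still honours legacy object ACLs, which this check does not read, so the uniform-access setting is worth recording alongside these findings.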

Types of Cloud Penetration Tests

A cloud penetration test can be carried out using three complementary approaches, each offering a different perspective on the security of your infrastructure.

Black box cloud penetration testing

A black box test replicates the perspective of an external attacker with no prior knowledge of the target cloud environment.

Grey box cloud penetration testing

A grey box test gives the auditors partial access (limited privileges, a developer account or a restricted scope) in order to simulate a realistic initial compromise.

White box cloud penetration testing

A white box test gives the auditors full access to documentation, configurations and infrastructure as code and, in some cases, to application code or CI/CD pipelines.

Cloud Penetration Testing Methodology

Cloud environment reconnaissance and mapping

Our auditors identify and inventory accessible accounts, subscriptions and projects; deployed services (virtual machines, databases, serverless functions, storage buckets, Kubernetes clusters); and public endpoints (APIs, web interfaces, network entry points). This phase also includes analysing IAM permissions and roles, as well as performing passive reconnaissance for exposed information to define the attack surface and prioritise the vectors to be tested.

Enumeration and analysis of configurations

Our auditors conduct a detailed analysis of configurations to detect misconfigurations and excessive permissions. They examine IAM permissions and associated policies, verify network configurations, assess storage rules and review serverless function settings.

Vulnerability and misconfiguration identification

Our auditors identify technical vulnerabilities and misconfigurations specific to cloud environments. This includes detecting publicly exposed or unauthenticated resources, searching for exposed API keys, tokens or secrets, and analysing serverless services for application vulnerabilities.

Exploitation and post-exploitation

Our auditors simulate controlled attack scenarios. These include attempts to escalate privileges via IAM weaknesses or misconfigured services, compromising workloads, extracting sensitive data from cloud storage and pivoting to other connected resources or environments.

Reporting

Following the assessment, our auditors document the identified vulnerabilities and misconfigurations in a detailed report. Each vulnerability is described with its severity level, exploitation scenario and supporting technical evidence. The report also includes remediation recommendations. We organise a debriefing session to present the findings, walk through the attack scenarios and support your teams in implementing corrective measures.

CUSTOMER TESTIMONIALS

"Intersport has been working with Vaadata for over seven years. We particularly value their technical expertise, professionalism and the quality of their customer service. Their ability to understand our challenges and propose tailored solutions has enabled us to strengthen the security of our systems, particularly through their penetration tests and cybersecurity advice. Vaadata is now a trusted partner whom we highly recommend."

Michaël A.
Head of Organisation and Information Systems, INTERSPORT

"On the recommendation of a fellow CIO, I commissioned Vaadata to carry out an initial penetration test in 2020, and from 2021 onwards, I decided to extend this collaboration to cover each of our solutions on an annual basis. What particularly impressed me, beyond their expertise, was the flexibility of their teams and how easily they communicated, particularly with our development teams. This has really facilitated our collaboration and enabled us to achieve even more effective results. The sharing of information is outstanding."

Jean-Philippe F.
Head of Information Systems, ITESOFT

"We have been working with Vaadata since 2018. I appreciate their approachability, their commitment to providing advice and the quality of their technical expertise. With every project, their teams help us take our security maturity to the next level. Their support was particularly crucial in helping us achieve our SOC 2 certification. Vaadata is now a trusted partner we can rely on to address our security and compliance challenges."

Thomas L.
Head of IT, Security and Compliance, DATAGALAXY

"We have no hesitation in recommending Vaadata to other businesses. Their technical expertise, methodological rigour, ability to identify complex vulnerabilities and, above all, the quality of their remediation recommendations make them a trusted partner."

Ouadia L.
CEO, RANDOM TEAM

“What I really appreciated were the technical discussions. We were able to challenge each other’s views, discuss the severity levels and compare our interpretations. Nothing was set in stone. It was a truly collaborative effort, which I found very enjoyable.”

Ayoub H.
Senior Security Engineer, VESTIAIRE COLLECTIVE

About Vaadata

Cloud Penetration Testing with Vaadata, a Trusted Offensive Security Partner

Choosing Vaadata for a cloud penetration test means working with a CREST, PASSI, ISO 27001 and ISO 27701 certified company, ensuring quality, rigour and compliance with international cybersecurity and data protection standards. These certifications demonstrate our commitment to industry best practices and the highest standards in every engagement.

Our auditors are experts in complex cloud environments. Their expertise enables them to accurately identify, exploit and document vulnerabilities specific to managed services, virtualised environments and Kubernetes platforms.

Our cloud pentest methodology is based on proven frameworks and covers a wide range of risks. Depending on your objectives, we adapt the scope to focus on the most critical resources.

Tell us about your offensive security challenges and needs

Contact us to discuss your offensive security needs and get information about our services and processes. Our team will get back to you as soon as possible.