Cloud Penetration Testing

Cloud Penetration Testing

Cloud Penetration Testing is an authorised simulated cyber-attack against a system that is hosted on a Cloud provider, e.g. Amazon’s AWS or Microsoft’s Azure. Cloud penetration test is to find the weaknesses and strengths of a system, so that its security posture can be accurately assessed. 

The increased assurance will come from the fact that that you will gain visibility of the security weaknesses of your cloud estate. You will be able to verify what services and data are publicly accessible, what cloud security controls are in effect, and how effectively these are mitigating your security risk.

The process described here aims to provide the foundation for a public cloud penetration testing methodology and is designed for current and future technologies that are hosted on public cloud environments or services. In particular, this document focuses on penetration testing of applications and services hosted in the cloud.

Our team consists of AWS Security and Microsoft certified experts.

Our Methodology


Before an application assessment can take place, Armour Infosec defines a clear scope of the client. Open communication between Armour Infosec and the client organization is encouraged at this stage to establish a comfortable foundation from which to assess.


Our engineers collect as much information as they can on the target, employing a myriad of OSINT (Open Source Intelligence) tools and techniques. The assembled information will assist us with understanding the working states of the association, which permits us to evaluate the risk precisely as the engagement progresses.


At this stage, we consolidate computerized contents and instruments, among different strategies in further developed data gathering. Our experts closely inspect any conceivable assault vectors. The accumulated data from this stage will be on the basis for exploitation in the upcoming stage.


In this step, we initiate both manual & automated security scan to find all possible attack vectors & vulnerabilities. After this, we run exploits on the application to evaluate its security. We use different methods and open-source scripts and in-house tools to gain a high degree of penetration. All these are done cautiously to secure your application and its information


This is the final stage of the whole assessment process. In this stage, the Armour's analysts aggregate all obtained information and provide the client with a thorough, comprehensive detailing of our findings. Our team will discuss the report and find the appropriate solutions for the bugs located. After that, a comprehensive discussion will be carried out to fix these vulnerabilities .

Cloud Configuration Review is an assessment of your Cloud configuration against the accepted best practice of industry benchmarks. A report is produced with a summary table showing the benchmarks and whether you are following the best practice, with individual technical findings breaking the findings down in more detail, as well as detailed explanations and remediation advice.

Cloud Penetration Testing involves a mixture of external and internal penetration testing techniques to examine the external posture of the organisation. Examples of vulnerabilities determined by this type of active testing can include unprotected storage blobs and S3 buckets, servers with management ports open to the internet and poor egress controls.

  • Enumeration of external attack surface – Identify all possible entry points into the environment – O365, Web Applications, Storage Blobs, S3 Buckets, SQL/RDS Databases, Azure Automation APIs, AWS APIs, Remote Desktops, VPNs, etc.
  • Authentication and Authorization Testing – Ensure the users within the environment operate on a Principle of Least Privilege, are protected by robust multi factor authentication policies, as well as ensuring that known ‘bad passwords’ are prohibited from being used.
  • Virtual Machines / EC2 – Azure supports two types of virtual machines – Classic and v2. Testing will ensure that these virtual machines are protected via Network Security Groups (NSGs – analogous to firewalls) and their data is encrypted at rest. 
  • Storage and Databases – Examination of databases (either on virtual machines running SQL Server, or running via Azure SQL) for security best practices is covered.
Get Started with Armour


Armour Infosec provided to the point and in-depth vulnerabilities details, which was greatly beneficial to us. We are an exclusive community of testers delivers the real-time insights you need to remediate risk quickly and innovate securely.

  1. Test your web, mobile, API, network, or cloud services
  2. Launch a pentest in days, not weeks
  3. Collaborate with pentesters in real time
  4. Accelerate find-to-fix cycles with tech integrations
  5. Tailor pentest reports for all of your stakeholders
  6. Retest fixes, for free
  7. Improve your security posture over time