<aside> 🎯
Objective: Identify and exploit cloud security gaps resulting from misconfigurations to reveal your organization's true cloud security posture and provide actionable remediation steps.
</aside>
Select appropriate cloud platforms based on your organization's footprint:

| Cloud Platform | Complexity | Commonly Misconfigured Areas | Key Testing Areas |
|---|---|---|---|
| AWS | High | S3 buckets, IAM, EC2 | Storage, identity, compute |
| Azure | High | Blob storage, AD integration, VM | Identity, storage, network |
| Google Cloud | Medium-High | GCS, IAM, GKE | Storage, identity, containers |
| Multi-cloud | Very High | Identity federation, inconsistent policies | Cross-cloud access, policy gaps |
| Private cloud | Medium | API security, automation gaps | Infrastructure access, management |
| Hybrid cloud | High | On-prem to cloud bridges | Connectivity, policy synchronization |

| Scope Option | Risk Level | Value | When to Select |
|---|---|---|---|
| Production (Read-Only) | Medium | Very High | Mature cloud environments with good guardrails |
| Production (Limited Write) | High | High | Carefully controlled, specific test cases |
| Staging/Pre-Production | Medium | Medium-High | Good balance of realism vs. risk |
| Development | Low | Medium | Initial assessments, new methodologies |
| Sandbox/Test | Very Low | Low | Training, proof of concept |

| Service Category | Critical to Test | Common Issues | Test Priority |
|---|---|---|---|
| Storage (S3, Blob, GCS) | Yes | Public access, weak ACLs | Very High |
| Identity (IAM, Azure AD) | Yes | Excessive permissions, trust relationships | Very High |
| Compute (EC2, VMs, GCE) | Yes | Weak security groups, misconfigurations | High |
| Containers (EKS, AKS, GKE) | Yes | RBAC issues, network policies | High |
| Serverless (Lambda, Functions) | Yes | Overprivileged execution roles | High |
| Databases (RDS, Cosmos, Cloud SQL) | Yes | Public access, weak auth | High |
| Network (VPC, VNET) | Yes | Overly permissive rules | Medium |
| Auxiliary Services | Varies | Service-specific issues | Medium |