<aside> 🎯
Objective: Identify and exploit cloud security gaps resulting from misconfigurations to reveal your organization's true cloud security posture and provide actionable remediation steps.
</aside>
Select appropriate cloud platforms based on your organization's footprint:

| Cloud Platform | Complexity | Common Vulnerabilities | Key Testing Areas |
|---|---|---|---|
| AWS | High | S3 buckets, IAM, EC2 | Storage, identity, compute |
| Azure | High | Blob storage, AD integration, VM | Identity, storage, network |
| Google Cloud | Medium-High | GCS, IAM, GKE | Storage, identity, containers |
| Multi-cloud | Very High | Identity federation, inconsistent policies | Cross-cloud access, policy gaps |
| Private cloud | Medium | API security, automation gaps | Infrastructure access, management |
| Hybrid cloud | High | On-prem to cloud bridges | Connectivity, policy synchronization |


Select the assessment scope based on environment maturity and acceptable risk:

| Scope Option | Risk Level | Value | When to Select |
|---|---|---|---|
| Production (Read-Only) | Medium | Very High | Mature cloud environments with good guardrails |
| Production (Limited Write) | High | High | Carefully controlled, specific test cases |
| Staging/Pre-Production | Medium | Medium-High | Good balance of realism vs. risk |
| Development | Low | Medium | Initial assessments, new methodologies |
| Sandbox/Test | Very Low | Low | Training, proof of concept |


Prioritize the service categories to test:

| Service Category | Critical to Test | Common Issues | Test Priority |
|---|---|---|---|
| Storage (S3, Blob, GCS) | Yes | Public access, weak ACLs | Very High |
| Identity (IAM, Azure AD) | Yes | Excessive permissions, trust relationships | Very High |
| Compute (EC2, VMs, GCE) | Yes | Weak security groups, misconfigurations | High |
| Containers (EKS, AKS, GKE) | Yes | RBAC issues, network policies | High |
| Serverless (Lambda, Functions) | Yes | Overprivileged execution roles | High |
| Databases (RDS, Cosmos, Cloud SQL) | Yes | Public access, weak auth | High |
| Network (VPC, VNET) | Yes | Overly permissive rules | Medium |
| Auxiliary Services | Varies | Service-specific issues | Medium |