AWS offers over 100+ cloud hosting services that include offerings such as compute and storage, content delivery, security management, network infrastructure, and physical hosting facility for tenant organizations. The wide range of these services typically falls into Infrastructure (IaaS), Platform (PaaS), or Software as a service (SaaS). Uses for these virtual environments include internal organization, service to consumers, or a mixture of both. The most common purposes include networking, data storage, web application services, and code development.
What is important to understand here is that the AWS platform that you build your environment upon cannot be penetration tested. However, your organization’s configuration of the AWS platform and the additional application code or assets living in your environment can be tested.
Recochain with its comprehensive methodology during AWS hosting infrastructure Security Review and provide the best possible recommendations for remediations of the revealed security threats. Our methodology encompasses test scenarios ranging from “Test for Unauthenticated Bucket Access” to “Test to Change the default policy for a user or new users to include additional privileges (like set default-policy-version)”. We provide several assessment models such as quick scan, full assessment, Gray box model, and other models based on industry standards for application security that cater to your business needs.
Where possible, we automate our methodology using proprietary, customized tools, and scripts to make the assessment as efficient as possible. However, many AWS Security misconfigurations can only be identified through manual techniques.