Skip to content

How is Cloud Web Application Penetration Test Different from Conventional testing

0

As above topic?

For normal web application testing we are only given a URL and normal web user account. What other things can we exploit from a cloud based url? For example? Misconfigured S3 Bucket I only have come across the following so far: https://github.com/VirtueSecurity/aws-extender When I run this do I need to have other parameter in place?

2ndly, is it necessary to do a ScoutSuite on a top of a typical testing: https://github.com/nccgroup/ScoutSuite

Lastly, give a URL how to get the s3:// details?

asked 3 years ago513 views
1 Answer
0

For a standard penetration test where the tester is given a user login and the public URL of the web app, it does not matter where/how that app is hosted. The actions required to mitigate/remediate any findings might be different for an app running on AWS, but the test process itself should be the same.

For assessing the security of your AWS account more generally, there are a number of tools available:

For further assistance you might also consider engaging with a AWS Security Competency Partner - these partners are vetted by AWS and have a proven track-record of helping customers improve their cloud security posture.

AWS
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.