Cloud is the preferred solution for data storage, infrastructure and services on demand today. Most enterprises migrate to the Cloud following different models as alternatives; Public, Private or Hybrid and also service models of choice SaaS, IaaS or PaaS.
The vulnerabilities faced by the data stored on the Cloud or applications hosted there are self-explanatory, justifying the increasing importance of the Penetration Testing of Cloud based applications, services and infrastructure. With an increasing number of enterprises migrating to the Cloud, the chances of breaches, threats and vulnerabilities increase day by day. Enterprises face unique challenges in protecting their resources over the various models of the Cloud.
Cloud Applications Penetration testing comes with a unique challenge. The test strategy changes if the testing is to be done for the Cloud Service Provider versus the Tenant. Since a Cloud is essentially a multi-tenant model; when the Cloud testing needs to be done for a particular tenant, it should avoid putting others at unease and also be conducted within the legal limits.
A meticulous Cloud Pen test would be a combination of using internal as well as external Pen Tests. An internal pen test accesses the servers and hosts in the Cloud, initiating a vulnerability test with the authenticated credentials. Once inside the perimeter, the Pen Tests stimulate what a hacker could. Security in the Cloud requires a well thought of strategy with continuous vigil and surveillance.
Services for Cloud Assessment.
Combination of penetration tests for testing in the Cloud
We have used other security vendors in past, but have found WeSecureApp by far the most thorough and professional service. Our SaaS product has a large surface area of functionality; and WSA went above and beyond in exploring the full scope of the product and performing penetration testing. They went well beyond the standard automated test suites and checklists - gaining an understanding how the application works (with minimal guidance from us) to identify potential vulnerabilities. We found them a pleasure to work with throughout the process. Where potential issues were identified they provided clear reproductions and mitigation options; as well as providing timely testing of fixes. We would strongly recommend WSA to other SaaS product companies.