Schellman becomes The First ISO 42001 ANAB Accredited Certification Body!

Learn More
866.254.0000
Contact Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
SOC 1 / SSAE 18 Examination
SOC 2 Examination
SOC 3 Examination
SOC for Supply Chain
SOC for Cybersecurity
C5 Attestation
CSA STAR Programs
Payment Card Assessments
Payment Card Assessments
PCI DSS Validation
PCI SSF
PCI P2PE Validation
PCI PIN Assessments
PCI 3DS Compliance
ISO Certifications
ISO Certifications
ISO 27001
ISO 42001
ISO 27701
ISO 9001
ISO 22301
ISO-20000-1
Privacy Assessments
Privacy Assessments
APEC Certification
GDPR Assessment
International Privacy Assessments
US State Privacy Assessments
Microsoft SSPA/DPR Assessment
Privacy Program Assessment
FERPA Assessment
EU Cloud Code of Conduct
Federal Assessments
Federal Assessments
FedRAMP®
CMMC / NIST SP 800-171
FISMA/NIST
ITAR
CJIS
IRAP
FTC Consent Decrees
Healthcare Assessments
Healthcare Assessments
HITRUST CSF Certification
HIPAA Compliance
HIPAA Express
EPCS-DEA Audits
Health Data Host (HDS) Certification
Penetration Testing
Penetration Testing
Application
Network
Mobile
Social Engineering
Cloud
Physical
Hardware and IoT
Advanced Series
Cybersecurity Assessments
Cybersecurity Assessments
Cloud Configuration Assessments
Ransomware Assessments
NIST Cybersecurity Framework Assessments
Schellman Software Security Assessment (S3A)
TISAX®
SWIFT Customer Security Programme
Internal Audit Co-Sourcing
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
Learning Center
Our Technology
About Us
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships
ISO Certificate Directory
Contact Us

Penetration Testing

Cloud Penetration Testing

A cloud penetration test focuses on your cloud environment and any services hosted within Amazon Web Service (AWS), Google Cloud Platform (GCP), Microsoft Azure, Oracle Cloud Infrastructure (OCI), and other providers.

Contact a Specialist Start Scoping Your Next Pen Test

A Cloud Penetration Test Can Help You:

https://www.schellman.com/hubfs/improve-security-posture-2.svg

Improve Your Security Posture

This assessment will discover credential exposures within services that allow for privilege escalation or situations where identity and access management allow excessive access to resources.

https://www.schellman.com/hubfs/social-prepare-for-real-world-attacks.svg

Prepare for Real-World Attacks

Because this test provides a simulation of real-world attacks, you’ll be able to see how an attacker would move laterally through 

https://www.schellman.com/hubfs/meet-compliance-requirements.png

Demonstrate Compliance

Depending on your industry and related regulations, a cloud penetration test may benefit your compliance purposes.

https://www.schellman.com/hubfs/improve-security.png

Provide a Sense of Security

While built-in security tools exist with many providers, you’ll get a more thorough picture of your cloud assets, including how attack-resistant and vulnerable they are. Verifying the security will enable you to have confidence in the cloud security posture and allows you to demonstrate this to customers, partners, and stakeholders.

https://www.schellman.com/hubfs/blue-vulnerabilities-icon-1.png

Identify Security Vulnerabilities in Your Cloud Resources

These vulnerabilities are often different than those found via automated scanning and other audit-focused tools—finding them will reduce your associated risks, including those that will accompany any potential acquisition of a new company that heavily uses the cloud. 

Schellman’s Cloud Penetration Testing Methodology

While this test type does include common pen test attack vectors, it also involves techniques unique to cloud environments such as the exploitation of misconfigured serverless components and privilege escalation paths within native cloud services. 

Our cloud penetration testing methodology involves the following steps:

1. Provision (Seed) Initial Access:  With your help, we’ll create users, or API keys that have the same rights as a standard employee, developer, or an account with read-only access to the environment to be tested.

2. Identify Best Practices:  Then, we’ll identify common best practices that are abused by attackers. (NOTE: Despite our efforts, this phase will likely not identify as many best practice-related items as might be found during an audit due to the latter’s focus on manual processes and review.)

3. Privilege Escalation:  Finally, we’ll begin searching through accessible services (e.g., compute, storage, IAM, etc.) in your cloud environment and identify credentials and misconfigurations that might help us gain additional access beyond that which has been granted. Each time we gain access to a new principal or service within the cloud environment we’ll pinpoint just how much new access to resources was obtained and how these resources can be abused further to gain additional access and/or compromise your additional resources. 

Is Schellman the Right Firm for You?

Schellman does perform cloud penetration testing—our Penetration Testing Team continues to grow and is currently comprised of individuals from different backgrounds including former developers, system administrators, and lifelong security professionals. Our team is incredibly experienced, and collectively holds the following professional certifications, among others: 

Frequently Asked Questions

How long will a cloud penetration test take?

What does a cloud penetration test cost at Schellman?

What’s the difference between a cloud penetration test and a web application or network penetration test?

How do you get access to my cloud environment?

Why does testing begin from an authenticated account?

Get started with your cloud penetration testing

Our team of practice leaders, not sales, are ready to talk and help determine your best next steps.

Start Scoping Your Penetration Test Contact a Specialist

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Read delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.