SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Penetration Testing

Cloud Penetration Testing

A cloud penetration test focuses on your cloud environment and any services hosted within Amazon Web Service (AWS), Google Cloud Platform (GCP), Microsoft Azure, Oracle Cloud Infrastructure (OCI), and other providers.

Contact a Specialist Start Scoping Your Next Pen Test

A Cloud Penetration Test Can Help You:

Schellman’s Cloud Penetration Testing Methodology

While this test type does include common pen test attack vectors, it also involves techniques unique to cloud environments such as the exploitation of misconfigured serverless components and privilege escalation paths within native cloud services. 

Our cloud penetration testing methodology involves the following steps:

1. Provision (Seed) Initial Access:  With your help, we’ll create users, or API keys that have the same rights as a standard employee, developer, or an account with read-only access to the environment to be tested.

2. Identify Best Practices:  Then, we’ll identify common best practices that are abused by attackers. (NOTE: Despite our efforts, this phase will likely not identify as many best practice-related items as might be found during an audit due to the latter’s focus on manual processes and review.)

3. Privilege Escalation:  Finally, we’ll begin searching through accessible services (e.g., compute, storage, IAM, etc.) in your cloud environment and identify credentials and misconfigurations that might help us gain additional access beyond that which has been granted. Each time we gain access to a new principal or service within the cloud environment we’ll pinpoint just how much new access to resources was obtained and how these resources can be abused further to gain additional access and/or compromise your additional resources. 

Is Schellman the Right Firm for You?

Schellman does perform cloud penetration testing—our Penetration Testing Team continues to grow and is currently comprised of individuals from different backgrounds including former developers, system administrators, and lifelong security professionals. Our team is incredibly experienced, and collectively holds the following professional certifications, among others: 

Frequently Asked Questions

How long will a cloud penetration test take?

What does a cloud penetration test cost at Schellman?

What’s the difference between a cloud penetration test and a web application or network penetration test?

How do you get access to my cloud environment?

Why does testing begin from an authenticated account?

Get started with your cloud penetration testing

Our team of practice leaders, not sales, are ready to talk and help determine your best next steps.

Start Scoping Your Penetration Test Contact a Specialist