Security News > 2021 > October > Penetration Testing Your AWS Environment - A CTO's Guide
Here is where AWS environments can differ from traditional penetration tests as AWS networks' software-defined nature often means tighter controls are maintained between networks, and lateral movement is a challenge.
The AWS configuration review should include, and inform you of, how your users and services access and interact with your AWS environment, including permissions assigned to those users and services.
If an attacker can get access to these secrets, they will be able to access your AWS environment and be able to escalate privileges or maintain access to the cloud environment once they've been cleared off your internal network.
An AWS configuration review will give you an understanding of how many things are connecting to your AWS environment using access keys and the AWS API. Conclusion.
Penetration testing in AWS should be treated carefully, as it would be easy to spend time and money in the wrong places.
You may find that the most cost-effective way is a hybrid approach; you provide access to your AWS configuration, which can inform and guide a manual review of your complete AWS estate.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/zYXlRMMHWG4/penetration-testing-your-aws.html