Site icon HailBytes

AWS Penetration Testing

AWS Penetration Test

AWS Penetration Testing

What is AWS Penetration Testing?

Penetration testing methods and policies differ based on the organization that you’re in. Some organizations allow more freedoms while others have more protocols built in. 

When you are doing pen testing in AWS, you have to work within the policies that AWS allows you to because they are the owners of the infrastructure.

Most of what you can test is your configuration to the AWS platform as well as application code inside your environment.

So… you’re probably wondering what tests are allowed to be performed in AWS.

User Operated Services

Any security testing that involves cloud configurations that are built by the user is acceptable under AWS policy. It’s even possible to run certain types of attacks on instances of your creation.


Vendor Operated Services

Any cloud service that is provided by a third-party service provider is closed off to the configuration and implementation of the cloud environment, however, the infrastructure underneath the third-party vendor is safe to test.

What am I allowed to test in AWS?

Here is a list of things that you’re allowed to test in AWS:

What Am I Not Allowed To Pentest in AWS?

Here is a list of some of the things that can’t be tested on AWS:

How Should I Prepare Before Pentesting?

Here is a list of steps that you should follow before pentesting:


Exit mobile version