Contact Us
Contact Us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Cloud Service Security

We perform security reviews for Cloud services and/or solutions offered by cloud service vendors. These solutions may cover different service models such as Software-as-a-service (eg. Dropbox, ZenDesk) or Platform-as-a-service (eg. Salesforce).

Find out more
Get a FREE 30 min consultation

Are you happy for Defendza to keep you informed on the latest developments in cyber security (attack reports, guidance, DIY articles)? Of course you can unsubscribe at any time. Please see our privacy policy

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Overview

Cloud solution security assessments are common among vendors relying on cloud services. Due to the size, business operations reliability, and severity of the information involved, it is imperative that an independent third party opinion is sought to ensure the attack surface is minimal at all times. 

Due to the increasing popularity of cloud models, cloud solution vendors have various compulsions to perform these reviews. These range from proactive internal decisions, vendor assurance certifications to periodic assessments or upon every major change in the setup. 

Defendza has the experience and skill-set needed to perform these reviews. A few examples of our clients under this category include major global CRM Platform Company, UK based cloud platform provider and major supermarket retailer. 

Why you need Cloud Service Testing?

To provide a safe and secure solution to end customer, a cloud solution security review shall uncover gaps that were previously unknown to your development teams.

There is a clear business case to seek vendor neutral security review for a cloud solution due to the following factors:

  • Business critical offering to customers
  • Customer data processed in the environment
  • Demonstration of cybersecurity practices to your partners, supply chain

Methodology

Management Plane

The management plane consists of functions that achieve the management goals of the network. This includes interactive management sessions that use SSH, HTTPS (if web interface available) as well as statistics-gathering with SNMP. When you consider the security of a network device, the management plane must be protected. If a security incident can undermine the functions of the management plane, it can be impossible for you to recover or stabilize the network.

The management plane is the plane that receives and sends traffic for operations of these functions. You must secure both the management plane and control plane of a device, because operations of the control plane directly affect operations of the management plane.

Perimeter (external) Assessment

External assessment involves assessing internet-facing infrastructure using port scans, vulnerability assessment followed by manual analysis and reporting phase

Firewall Rules Review

Can you confirm that your cloud-based firewall has relevant rules defined to prevent access to services within your private network? 

Vulnerability Scan

One step advanced than our basic scanning service, we conduct a thorough vulnerability scanning based after a full port scanning on your perimeter network. This would provide you a detailed view of your network security.

Our consultants would ensure that no false positives are reported in any of our final deliverables. Findings added in our report are manually verified before making it to the document. 

API Analysis

Modern applications (including mobile) rely on API's for their features / functionalities. Once the API endpoints are identified - during network as well as static analysis - these would be further assessed. Weak API endpoints could lead to trivial functionality bypass or sometimes, potential denial of service scenarios.

Cloud Application Pentest

Software as a Service (SaaS) models is currently flourishing the market. These applications are hosted in the cloud with shared infrastructure and backend. Our clients need assurance that their data is not accessible to other users of the Saas application. Defendza has conducted a successful assessment on several top SaaS platforms and our expert consultants are always ready to help you gain that confidence.

Let us discuss about your cloud security requirements 
Call Us Now

Why Defendza ?

Thorough Analysis and Reporting

Our reports are comprehensive and include all the evidence that supports our findings. We give you a risk rating that considers how likely an attack is as well as the impact it could have. We don’t create panic scenarios. Our mitigation is detailed, covering both strategic and tactical areas to help our clients prepare a remediation plan.

Custom tools and scripts

Apart from the range of commercial and open source tools available for specific testing, our team has its own custom scripts for efficient testing. We provide accurate results to make sure our clients completely understand any vulnerabilities we report.

In-house experts

Our teams are led by veteran security consultants accredited by CREST standards for the last several years. Our experience shows that our clients are best served by giving them the right advice for their cyber security needs. We do not believe in spreading fear, uncertainty and doubt to generate more business.

Key Benefits

Our network security team is waiting
Call Us Now

Testimonials

"My experience to date with Defendza has been very positive, I look for a flexible, knowledable security "partner" when I engage a PT firm. Pentest means many things to many people and there are many different use cases for both the testing activity and the report generated and I need someone to work with me to get the absolute best value out of my security budget."

Information Security Officer
Insurance Group

Excellent people to work with. Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site."

Head of Technical & Business Improvement
Leading Pharmaceutical Manufacturer

"I thought it was a highly professional and thorough exercise and I would have no hesitation recommending Defendza to any of my connections."

Director, Software Engineering
Global Information and Analytics Company

"Good personal service. We are delighted with the work Defendza did for us. Highly recommended."

CTO
Manchester headquartered Global Fashion Brand

"Extremely satisfied with approach, speed and end results. Thanks."

COO
International fashion label and store

"My experience of the Defendza team was 5 star.  They were so helpful, and their technical delivery and client communication were excellent."

Director, Software Development
Corporate Services Company

Related Resources