
Cloud Security

Cloud Security Audit & Penetration Test
Your cloud. Our offensive.

AWS. Azure. GCP. Misconfigurations are attack vector #1 in the cloud. We audit IAM policies, container security, and network isolation - before attackers do.

AWS / Azure / GCP · ISO 27001 Certified · Retest Included · OSCP-Certified


Pentests completed: 500+
All hyperscalers from one partner: AWS · Azure · GCP
Fixed-price quote committed: 24h
False positives in final report: 0

Platforms

All major cloud platforms. One point of contact.

We also assess hybrid and multi-cloud environments - including the transitions between on-premises and cloud.

Amazon Web Services

AWS

EC2 · S3 · RDS · Lambda · IAM · VPC · KMS · CloudTrail · EKS

IAM policies, bucket permissions, VPC configuration, CloudTrail logging, and EKS cluster security against CIS AWS Foundations Benchmark.

Microsoft Azure

Azure

VMs · Blob Storage · App Service · Key Vault · RBAC · NSGs · AKS

Azure RBAC, network security groups, Key Vault access, Defender for Cloud configuration, and AKS cluster security against CIS Azure Benchmark.

Google Cloud Platform

GCP

Compute Engine · Cloud Storage · IAM · KMS · VPC · GKE

GCP IAM roles, org policies, Cloud Audit Logs, VPC firewall rules, and GKE cluster hardening against CIS GCP Benchmark.

Assessment Areas

What we assess

Six critical areas - from access control to monitoring. Each area can serve as an entry point for attackers.

IAM & Access Control

Roles, policies, and service accounts for over-permissions. Cross-account access, least-privilege principle, MFA enforcement for privileged identities, and permission boundaries.

Network Security

Security groups, NACLs, VPC peering, and private endpoints for unintended exposure. Firewall rules, ingress/egress filters, and network topology for lateral movement opportunities.

Data Storage

S3/Blob/GCS bucket policies for public exposure, encryption at rest and in transit, access logs, and lifecycle policies. Databases for network isolation and backup security.

Containers & Kubernetes

Container image security, pod security standards, RBAC configuration, network policies, and secrets management in EKS, AKS, and GKE. Admission controllers and runtime security.

Serverless

Lambda/Functions execution roles for over-permissions, event source injection via S3, API Gateway, or SNS, dependency analysis in deployment packages, and secrets in environment variables.

Logging & Monitoring

CloudTrail/Azure Monitor/Cloud Audit Logs for complete coverage across all regions and services. Alerting gaps for security-critical events and SIEM integration weaknesses.

Methodology

Configuration Review + Active Testing

Two complementary approaches - combined, they deliver the most complete picture of your cloud security posture.

Configuration Review

Automated and manual review of configuration against CIS Benchmarks and CSA Cloud Controls Matrix. Non-invasive, read-only. No risk to production operations.

Cloud Pentest

Active exploitation of vulnerabilities: privilege escalation in the cloud, service-to-service attacks, and simulated data exfiltration - under controlled conditions.

01 - Scoping - Cloud Account Identification (1 day)

Joint definition of assessment scope: which accounts, regions, services, and applications. Setup of read-only access via IAM roles or service accounts. Definition of rules of engagement and prohibited test targets.

02 - Automated Scanning - CIS Benchmark Checks (2-3 days)

Automated review with ScoutSuite (multi-cloud) and Prowler (AWS) against CIS Benchmarks, SOC 2, PCI DSS, and ISO 27001 controls. Generates a complete baseline of all misconfigurations with severity ratings.

ScoutSuite · Prowler · CIS Benchmarks

03 - Manual Analysis - IAM, Network, Architecture (3-5 days)

Deep analysis of IAM policy structure for privilege escalation paths, network topology for unintended transitions, architectural vulnerabilities, and logical access problems that no scanner can detect.

Manual Analysis · Policy Simulator

04 - Exploitation - Privilege Escalation, Cross-Service (3-7 days)

Active exploitation of discovered vulnerabilities: privilege escalation via over-privileged roles, database access via compromised service accounts, cross-service attacks, and data exfiltration simulation.

Pacu · CloudFox · Custom Scripts

05 - Reporting - Risk-Prioritized Findings (2-3 days)

Technical report with CVSS scores, cloud-specific remediation steps, and architectural recommendations. Management summary with risk overview. On request: compliance mapping to TISAX, SOC 2, ISO 27001, or NIS-2.

Sample Findings

What we typically find

Anonymized examples from real Cloud Security Assessments. These findings are not exceptions - they occur regularly.

CVSS 9.6 - CRITICAL

S3 Bucket Containing Customer Data is Publicly Accessible

The bucket customer-data-prod-eu contains 45,000 customer records including address and payment data. No access restrictions, no encryption at rest, no access logging. Any internet user can retrieve all files without authentication. Mandatory breach notification under GDPR Art. 33 within 72 hours applies.

CIS AWS 2.1.2 · GDPR Art. 32 · S3 Bucket ACL · Data Breach

CVSS 8.8 - HIGH

IAM Role Allows Privilege Escalation to Admin

The Lambda execution role arn:aws:iam::123456789:role/lambda-processor holds the iam:AttachRolePolicy permission without conditions. Through this over-privileged role, an attacker who compromises the Lambda function can assign themselves AdministratorAccess rights and thereby take over the entire AWS organization.

Privilege Escalation · IAM Misconfiguration · CIS AWS 1.16

CVSS 6.1 - MEDIUM

CloudTrail Logging Disabled in 3 of 7 Regions

CloudTrail is only active in eu-central-1, eu-west-1, and us-east-1. Attacker activity in the regions ap-southeast-1, ap-northeast-1, sa-east-1, and ca-central-1 goes unlogged. Forensic analysis after a security incident in these regions is impossible. Attackers can create resources, exfiltrate data, and cover their tracks undetected.

Logging Gap · CIS AWS 3.1 · Forensics Blind Spot
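As an added illustration (not the page's or AWARE7's own tooling), the following Python script implements two read-only checks that would surface the IAM and CloudTrail findings above: it scans an IAM policy document for privilege-escalation actions granted without a Condition block, and it lists the regions that a set of CloudTrail trails leaves unlogged. The sample policy, trail list and function names are constructed assumptions modelled on the findings, not client data.

```python
import fnmatch

# IAM actions that let a principal grant itself more rights. The finding above
# is iam:AttachRolePolicy held without any Condition; the rest are the same class.
ESCALATION_ACTIONS = {
    "iam:attachrolepolicy", "iam:putrolepolicy", "iam:createpolicyversion",
    "iam:setdefaultpolicyversion", "iam:attachuserpolicy", "iam:passrole",
}

def _listify(value):
    # IAM policy JSON allows a bare string wherever a list is expected
    return value if isinstance(value, list) else [value]

def unconditioned_escalations(policy_doc):
    """Return [(statement_index, action)] for each Allow statement that grants an
    escalation action (wildcards such as iam:* or * resolved) without a Condition."""
    hits = []
    for idx, stmt in enumerate(_listify(policy_doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue  # Deny statements and conditioned grants are out of scope here
        for pattern in _listify(stmt.get("Action", [])):
            for action in sorted(ESCALATION_ACTIONS):
                if fnmatch.fnmatchcase(action, pattern.lower()):
                    hits.append((idx, action))
    return hits

def uncovered_regions(trails, account_regions):
    """Regions no trail logs: a multi-region trail covers every region,
    a single-region trail only its HomeRegion."""
    covered = set()
    for trail in trails:
        if trail.get("IsMultiRegionTrail"):
            return set()
        covered.add(trail["HomeRegion"])
    return set(account_regions) - covered

# Constructed sample inputs modelled on the findings above (not a client's real data).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"], "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:AttachRolePolicy", "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*",
     "Condition": {"StringEquals": {"iam:PassedToService": "lambda.amazonaws.com"}}}]}
SAMPLE_TRAILS = [{"Name": "eu-c", "HomeRegion": "eu-central-1", "IsMultiRegionTrail": False},
                 {"Name": "eu-w", "HomeRegion": "eu-west-1", "IsMultiRegionTrail": False},
                 {"Name": "us-e", "HomeRegion": "us-east-1", "IsMultiRegionTrail": False}]
SAMPLE_REGIONS = ["eu-central-1", "eu-west-1", "us-east-1", "ap-southeast-1",
                  "ap-northeast-1", "sa-east-1", "ca-central-1"]
```

Running `unconditioned_escalations(SAMPLE_POLICY)` flags only statement 1 (the unconditioned iam:AttachRolePolicy grant), while the conditioned iam:PassRole statement passes; `uncovered_regions` returns the four regions the finding lists as unlogged.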

Shared Responsibility

Your part of the responsibility

Cloud security is not solely the provider's responsibility. The Shared Responsibility Model clearly defines who must secure what.

Cloud provider secures

  • Physical infrastructure and data centers
  • Hypervisor and virtualization layer
  • Network backbone and global infrastructure
  • Hardware and firmware of host systems
  • Availability and reliability of core services

YOU secure

  • IAM configuration, roles, and access rights
  • Network rules, security groups, and firewall policies
  • Data encryption and key management
  • Application security and code quality
  • Operating system hardening and patch management
  • Logging, monitoring, and incident response

Customer-side misconfigurations are among the most common causes of cloud security incidents according to industry analyses - not provider vulnerabilities.

This is exactly where we come in.

Fixed Prices

Transparent Fixed Prices

No hourly rates. No additional charges. Binding quote within 24 hours.

Cloud Configuration Review

from 6,000 EUR

5-8 business days - non-invasive, read-only

  • CIS Benchmark Checks (AWS/Azure/GCP)
  • Automated scanning with ScoutSuite/Prowler
  • Manual IAM policy analysis
  • Network and data storage review
  • Risk-prioritized final report
  • Compliance mapping (TISAX, ISO 27001)
  • No impact on production operations

Cloud Pentest (1 Provider) - Recommended

from 10,000 EUR

8-12 business days - active testing

  • Everything from the Configuration Review
  • Active privilege escalation testing
  • Cross-service attacks simulated
  • Container & Kubernetes security
  • Serverless function testing
  • Proof-of-concept exploits included
  • Retest after remediation included

Multi-Cloud + Container

from 18,000 EUR

15-25 business days - AWS + Azure + GCP + Kubernetes

  • Full assessment of all three hyperscalers
  • Hybrid cloud transitions assessed
  • Multi-cloud identity federation
  • Cross-provider data flow analysis
  • Consolidated overall risk report
  • Dedicated senior consultant
  • Management presentation included

Compliance

Your Cloud Security Assessment as Compliance Evidence

Our report is structured so it can be used directly as evidence for auditors and authorities.

TISAX

Automotive Cloud Usage

TISAX assessments require evidence that cloud environments are adequately secured. Our report directly covers the relevant TISAX requirement categories.

ISO 27001

Annex A Control Mapping

ISO 27001:2022 Annex A explicitly addresses cloud service usage (A.5.23). Our assessment maps all findings to the relevant controls for your certification or audit.

SOC 2

Type II Audit Preparation

For SOC 2 Type II audits, cloud controls must be evidenced over 6-12 months. We identify gaps early and support remediation prior to the audit.

NIS-2

Critical Supply Chain

NIS-2 Article 21 requires organizations to regularly review their cloud infrastructure as part of the critical supply chain. Our assessment documents compliance with the technical security measures.

Find misconfigurations in your cloud before attackers do.

You will receive a binding fixed-price quote within 24 hours. No hourly rate. No surprises.

Certifications & Qualifications of Our Cloud Testers

OSCP

Offensive Security Certified Professional

AWS Security

AWS Certified Security - Specialty

AZ-500

Microsoft Azure Security Engineer

ISO 27001 LA

Lead Auditor

CKS

Certified Kubernetes Security Specialist

CCSP

Certified Cloud Security Professional

Why AWARE7 for Your Cloud Pentest

What sets us apart from other providers

Pure awareness platforms do not test any systems. Large consulting groups are too far removed. AWARE7 combines both: we hack your infrastructure and train your staff - tailored to mid-sized businesses, personal, without enterprise overhead.

Research and teaching as our foundation

Around 20% of our revenue comes from research projects for the BSI and BMBF. Our studies analyze millions of websites and tens of thousands of phishing e-mails, and are published at ACM and Springer conferences. Three of our executives are also professors at German universities.

Digital sovereignty - no compromises

All data is stored and processed exclusively in Germany - without US cloud providers. No freelancers, no subcontractors in the value chain. All employees are permanent staff subject to social insurance and bound by the same legal obligations. VS-NfD-compliant on request.

Fixed price within 24h - predictable project timelines

Within 24 hours you receive a binding fixed-price quote - no hourly-rate risk, no additional claims, no surprises. Thanks to a well-rehearsed team and standardized processes, you get a clear schedule with a defined start and end date.

Your dedicated contact - reachable at any time

A personal project manager accompanies you from the initial consultation to the retest. You book appointments directly with your contact - no ticket systems, no call center, no handovers between changing consultants. Continuity builds trust.

Who are we the right partner for?

Mid-sized companies with 50-2,000 employees

Companies that need real security - without paying for a DAX-corporation service provider. Fixed price, clear scope, one point of contact.

IT managers & CISOs

Who need to make a convincing case internally - and need a report written in board-level language for it, not just technical findings.

Regulated industries

KRITIS, healthcare, financial services: NIS-2, ISO 27001, DORA - we know the requirements and deliver evidence that auditors accept.

Contributions to industry standards

LLM

OWASP · 2023

OWASP Top 10 for Large Language Models

Prof. Dr. Matteo Große-Kampmann is a contributor in the core team of the internationally recognized OWASP LLM security standard.

BSI

BSI · Allianz für Cyber-Sicherheit

Management von Cyber-Risiken

Prof. Dr. Matteo Große-Kampmann contributed to the official BSI handbook for company management (German edition).

Frequently Asked Questions about Cloud Security Assessments

Everything you need to know before your initial consultation about cloud penetration tests, scope, and pricing.

A Cloud Security Assessment is a structured security review of your cloud infrastructure carried out by certified experts. We analyze IAM configurations, network architecture, data storage, container environments, and logging configurations against established benchmarks such as CIS Controls and CSA CCM. You receive a detailed report with verified findings, CVSS scores, and prioritized recommendations - tailored specifically to your cloud environment.

A Cloud Configuration Review is non-invasive: we receive read-only access to your cloud accounts and check all configurations against CIS Benchmarks and best practices - without active attacks. A Cloud Penetration Test goes further: we actively exploit found vulnerabilities, attempt privilege escalation and lateral movement between services, and simulate real data exfiltration. For a comprehensive security assessment, we recommend combining both approaches.

We assess all three major hyperscalers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). We also test hybrid cloud environments with on-premises connectivity and multi-cloud setups. Our testers specialize in the native services of each platform - from AWS IAM and EKS, to Azure RBAC and AKS, to GCP IAM and GKE. For specialized platforms such as Alibaba Cloud or Oracle Cloud, please contact us.

For the Configuration Review, we require a read-only IAM user or service account - we set this up together with you and ensure no write permissions are granted. For active penetration testing, we work with a dedicated test account or time-limited test access with defined permissions. All access is revoked immediately after testing is complete. We do not process production data on our systems.

A Configuration Review typically takes 5-10 business days, and a Cloud Penetration Test takes 7-15 business days. For multi-cloud assessments across AWS, Azure, and GCP, plan for 15-25 business days. The exact duration depends on the complexity of your environment - number of accounts, regions, service types, and whether containers and Kubernetes are in scope. After a free initial consultation, you will receive a binding fixed-price quote within 24 hours.

The Configuration Review is completely non-invasive and has no impact on your operations. During a Cloud Penetration Test, we conduct active tests in accordance with agreed Rules of Engagement - we never perform destructive actions such as deleting resources or denial-of-service attacks. On request, we test exclusively in dedicated test environments or carry out critical tests outside business hours.

Yes. Container and Kubernetes security is a separate assessment area in every Cloud Assessment. We analyze container image security (vulnerabilities in base images, secrets in layers), Kubernetes RBAC configuration, network policies, pod security standards, secrets management, container runtime security, and admission controllers. For managed Kubernetes services (EKS, AKS, GKE), we additionally review the cloud-specific configurations.

Yes. Serverless security is a frequently overlooked attack vector. We review Lambda/Azure Functions/Cloud Run for over-privileged execution roles, event source injection (e.g., via S3 events or API Gateway), dependency vulnerabilities in deployment packages, environment variables containing secrets, and timeout and memory configurations. Serverless environments often have a fragmented attack surface - we analyze the entire function chain.

Our Cloud Assessment provides mapping to BSI C5 (Cloud Computing Compliance Criteria Catalogue), TISAX for automotive suppliers, ISO 27001 Annex A controls, SOC 2 Type II criteria, and NIS-2 Article 21 requirements for critical infrastructure. We also assess against CIS Benchmarks for AWS, Azure, and GCP, as well as the CSA Cloud Controls Matrix (CCM). You receive a report that can be used directly as evidence for auditors.

Recommendation: at least once a year for a full assessment. Cloud environments change rapidly - new services, new teams, and new configurations continuously increase the attack surface. A follow-up assessment should occur immediately after major architectural changes, cloud migrations, or security incidents. Organizations subject to NIS-2 are required to regularly review their cloud infrastructure as part of the critical supply chain. Many clients use our retainer model for bi-annual reviews.

How secure is your cloud infrastructure, really?

Our certified cloud penetration testers assess AWS, Azure, and GCP for misconfigurations, IAM vulnerabilities, and container security - with a fixed-price commitment from EUR 6,000.

Free · 30 minutes · No obligation