Pentesting in the cloud demands more coordination, and may account for new considerations and restrictions that common pentesters are unaccustomed to. Testers should work in a way to understand the best way to coordinate with the cloud service providers and what their pre-requisites and policies are. They should also seek to coordinate with the cloud architecture to ensure scans, enumerations, and tests are effective and produce the best desired results possible.
Industries are moving their resources into the cloud. It requires vulnerability assessments and penetration tests of crucial assets to determine the presence of vulnerabilities and what risks they are prone to. In many cases, compliance requirements may urge for pentests as well. Although, performing scans, enumeration tasks, and penetration tests in the cloud somewhat differs from those that run on a typical network or an application. So, some of the important factors must be kept in mind before moving on to plan a strategy for pentesting in the cloud environment.
The type of the cloud can overpower the decision of whether pentesting is possible or not. For the most part PaaS and IaaS clouds will permit pentesting. However, SaaS providers are not likely to allow customers to pentest their applications and infrastructure, with the exception of third parties performing the cloud providers' own pentests for security best practices.
The second important aspect to consider when performing cloud pentests is the type of tests we are allowed to perform according to CSP's policies. As the cloud resources are usually hosted on multitenant platforms, many attacks will lead to an increase in resource consumption, including bandwidth and system memory as well. With a multitenant environment, this could negatively affect other customers' resources, so most CSPs will forbid any DoS attacks, other exploits, or scans that are familiar to impact local resource availability.
When considering advanced pentests, testers will also exploit one system or application and then use that compromised system as a staging point for additional attacks against other systems or applications, this technique is commonly known as Pivoting.