Cloud Misconfiguration Testing
Test your cloud infrastructure for security misconfigurations with simulations that identify exposure risks across AWS, Azure, GCP, and other cloud providers.
Cloud Testing Features
Multi-Cloud Support
Test across providers:
- Amazon Web Services (AWS)
- Microsoft Azure
- Google Cloud Platform (GCP)
- Other cloud providers
Configuration Assessment
Check for misconfigurations:
- Public exposure
- Excessive permissions
- Missing encryption
- Insecure defaults
Compliance Checking
Validate against standards:
- CIS Benchmarks
- Cloud provider best practices
- Industry regulations
- Custom policies
Common Misconfigurations
Storage Issues
- Public S3 buckets
- Unencrypted storage
- Open Azure Blob containers
- Accessible GCS buckets
Network Exposure
- Open security groups
- Public instances
- Missing network ACLs
- Unrestricted egress
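The open security group and unrestricted egress checks listed above can be illustrated with a short script. This is an added example, not the product's own code: it scans a constructed document in the shape of `aws ec2 describe-security-groups` output, and the group IDs, the severity tiers and the list of sensitive ports are assumptions made for the illustration.

```python
# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-legacy", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.1.0.0/16"}]}]},
]}

ANY_SOURCE = {"0.0.0.0/0", "::/0"}  # IPv4 and IPv6 "anywhere"
# Assumption: admin/database ports are rated high when world-reachable.
SENSITIVE = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def open_cidrs(perm):
    """Return the rule's CIDRs that match any address (IPv4 or IPv6)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in ANY_SOURCE]

def classify_ingress(perm):
    proto = perm["IpProtocol"]
    if proto == "-1":                    # -1 means every protocol and port
        return "critical", "all traffic"
    if proto not in ("tcp", "udp"):      # e.g. icmp: port fields hold type/code
        return "medium", f"protocol {proto}"
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    hit = [n for p, n in SENSITIVE.items() if lo <= p <= hi]  # ranges count too
    if hit:
        return "high", f"{proto} {lo}-{hi} exposes {', '.join(hit)}"
    return "medium", f"{proto} {lo}-{hi}"

def scan(doc):
    """Return (severity, group_id, description) tuples, most severe first."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            for cidr in open_cidrs(perm):
                sev, what = classify_ingress(perm)
                findings.append((sev, sg["GroupId"], f"ingress {what} from {cidr}"))
        for perm in sg.get("IpPermissionsEgress", []):
            for cidr in open_cidrs(perm):
                findings.append(("low", sg["GroupId"], f"egress open to {cidr}"))
    return sorted(findings, key=lambda f: RANK[f[0]])
```

Checking `Ipv6Ranges` as well as `IpRanges`, and testing port ranges rather than exact ports, catches rules such as the constructed `sg-admin` one that looks restricted to `10.0.0.0/8` but is open to `::/0`.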
Identity & Access
- Overly permissive IAM
- Missing MFA
- Unused credentials
- Cross-account access
Encryption Gaps
- Unencrypted databases
- Missing KMS
- Weak encryption settings
- Exposed keys
Logging & Monitoring
- Disabled logging
- Missing CloudTrail
- Incomplete monitoring
- No alerting
Running Cloud Tests
Setting Up Tests
- Navigate to Attack Simulation → Cloud Misconfigurations
- Click New Test
- Configure:
  - Cloud accounts
  - Services to test
  - Compliance frameworks
  - Scope limitations
- Execute test
Scope Configuration
Define test boundaries:
- Specific accounts
- Regions
- Services
- Resource types
Test Depth
Choose coverage level:
- Quick scan (critical issues)
- Standard scan (common issues)
- Deep scan (comprehensive)
- Custom selection
Test Results
Findings Overview
- Total misconfigurations
- By severity
- By service
- By account
Finding Details
For each issue:
- Resource affected
- Misconfiguration description
- Risk level
- Remediation steps
- Compliance impact
Risk Assessment
- Exposure level
- Data at risk
- Compliance violations
- Business impact
Service-Specific Tests
Compute Services
- EC2 security groups
- Instance metadata
- Public IPs
- AMI security
Storage Services
- Bucket policies
- Access controls
- Encryption
- Versioning
Database Services
- Public access
- Encryption at rest
- Backup configuration
- Access controls
Network Services
- VPC configuration
- Peering security
- Route tables
- Flow logs
Identity Services
- IAM policies
- Role trust relationships
- Service accounts
- Access keys
Remediation
Fix Guidance
For each finding:
- What's wrong
- Why it matters
- How to fix
- Prevention steps
Automation
- Auto-remediation options
- Infrastructure as Code fixes
- Policy enforcement
- Drift detection
Verification
Confirm remediation:
- Re-scan affected resources
- Verify configuration
- Check compliance
- Document changes
Continuous Monitoring
Ongoing Protection
After testing:
- Enable continuous scanning
- Set up alerts
- Monitor for drift
- Regular re-assessment
Integration
Connect with:
- SIEM systems
- Ticketing systems
- Notification channels
- Compliance tools
Best Practices
- Scan all accounts - Complete coverage
- Test regularly - Weekly or continuous
- Prioritize exposure - Public issues first
- Use frameworks - CIS benchmarks
- Automate fixes - Where possible
- Prevent drift - Continuous monitoring