Content deleted Content added
Claudiajoyce (talk | contribs) m →Attacks: Added. hyperlinks |
mNo edit summary Tags: Reverted Visual edit |
||
Line 58:
=== Penetration testing ===
[[Penetration test]]ing is the process of performing offensive security tests on a system, service, or [[computer network]] to find security weaknesses in it. This type of assessment simulates actual, real-world cyber-attacks and are usually performed by an experienced team of ethical hackers who use various techniques to exploit known vulnerabilities and aim to validate how easily an attacker could breach a system.<ref>{{Cite web |date=2023-08-23 |title=Building Trust with Cybersecurity Assessments |url=https://www.meetingtreecomputer.com/improve-security-and-build-customer-trust-with-cybersecurity-assessments/ |access-date=2023-10-15 |website=Meeting Tree Computer |language=en-US}}</ref> Since the cloud is a shared environment with other customers or tenants, following penetration testing rules of engagement step-by-step is a mandatory requirement. Scanning and penetration testing from inside or outside the cloud should be authorized by the cloud provider. Violation of acceptable use policies can lead to termination of the service.<ref>{{cite book |doi=10.1145/3026724.3026728 |chapter=Penetration Testing on Virtual Environments |title=Proceedings of the 4th International Conference on Information and Network Security - ICINS '16 |year=2016 |last1=Guarda |first1=Teresa |last2=Orozco |first2=Walter |last3=Augusto |first3=Maria Fernanda |last4=Morillo |first4=Giovanna |last5=Navarrete |first5=Silvia Arévalo |last6=Pinto |first6=Filipe Mota |pages=9–12 |isbn=978-1-4503-4796-9 |s2cid=14414621 }}</ref>
=== Cloud vulnerability and penetration testing ===
| |||