University of Twente Student Theses


Penetration testing of AWS-based environments

Szabó, Réka (2018) Penetration testing of AWS-based environments.

[img] PDF
Abstract:Since the last millennium, the various offerings of Cloud Service Providers have become the core of a large number of applications. Amazon Web Services is the market leader at the forefront of cloud computing with the most significant customer base. In accordance with Amazon's policy, security in the cloud needs to be ensured by the clients, which poses a huge security risk. A favoured technique to evaluate the security properties of computer systems is penetration testing and the focus of this thesis is how this technique can be leveraged specifically for AWS environments. A general method is outlined, which can be applied on the client side to improve the security of applications running in the Amazon cloud. The existing tools are integrated into the conventional penetration testing method- ology, and the available toolset is extended to achieve a more comprehensive method. A major element of the study is authenticated penetration tests, in which case credentials are provided to the benign attacker, and thus the focus can be on internal misconfigurations which are often the source of security breaches in AWS environments.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page