Cloud assessment checks: identity and access management, exposed storage, instance metadata SSRF, logging, and common misconfigurations across providers.
68 checks
Review IAM across AWS, Azure, and GCP for over-privileged identities, leaked or long-lived credentials, weak or missing MFA, and exploitable trust relationships. IAM is the most common path to cloud compromise and privilege escalation.
Assess object and blob storage (AWS S3, Azure Blob/Storage, GCP Cloud Storage) for public exposure, weak encryption, and data leakage via signed URLs and listing.
Test compute instances and their metadata services for SSRF-driven credential theft, instance/user-data secret exposure, and public machine images and snapshots.
Review cloud network exposure, segmentation, and DNS for open management ports, weak isolation, and subdomain takeover of cloud resources.
Assess serverless functions and platform services for over-privileged roles, secret exposure, event injection, and weak secrets management.
Verify audit logging is enabled, protected from tampering, and complemented by threat detection across AWS, Azure, and GCP.