Cloud Security

Cloud configuration reviews are centered around the evaluation of security measures the customer implements and operates, often referred to as “security in the cloud”. In this realm, we identify assets, define boundaries and carefully review all applicable settings to uncover misconfigurations, departures from best practices and design issues potentially leading to major flaws.
  • AWS, GCP, Azure and Kubernetes

    Doyensec is capable of assessing the security of both public and private cloud setups. When tasked with advanced cloud audits, we begin our engagements with a detailed security architecture review. Leveraging technical documentation and targeted interviews, we determine the most critical assets, the internal data flows and the security controls built around them.

    By combining tooling (CloudSploit, Prowler, G-Scout and custom scripts) with manual review, we perform in-depth audits that expose concrete risks and suggest actionable mitigations. Examples of identifiable misconfigurations, weaknesses and departures from best practices include, but are not limited to, exposed services, lack of network filtering, identity management weaknesses, missing network isolation and insecure network design that could facilitate data exfiltration or lateral movement.

    Given the fast-changing offering of public cloud services and features, our consultants are hands-on practitioners who alternate engagements with research and training. Combining a web application engagement with a cloud audit puts Doyensec in a privileged position to identify vulnerabilities at the intersection of applications and cloud controls. This is a typical blind spot that standard web engagements often miss.
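As an added illustration of the "custom scripts" side of such a review (example code written for this page, not Doyensec's tooling), the following static checks flag two of the misconfiguration classes named above, overly permissive IAM statements and Internet-wide ingress rules, over constructed AWS documents shaped like AWS CLI output; the function and sample names are assumptions.

```python
import ipaddress

# Constructed sample input (not customer data), shaped like AWS CLI JSON output.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-assets/*"},
    {"Effect": "Allow", "Action": ["iam:*", "sts:AssumeRole"], "Resource": "*"},
    {"Effect": "Deny", "Action": "*", "Resource": "*"},
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
]}
SAMPLE_SECURITY_GROUP = {"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]}
PUBLIC_WEB_PORTS = {80, 443}  # Internet-wide ingress is expected only here

def _as_list(value):  # IAM documents allow a bare string where a list is expected
    return value if isinstance(value, list) else [value]

def policy_findings(policy):
    """Return (statement index, reason) for Allow statements granting a wildcard:
    'Action: *' is full admin; 'service:*' on 'Resource: *' is service-wide admin."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":  # Deny statements are never findings
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in actions:
            findings.append((idx, "Action '*' grants full administrative access"))
        elif "*" in resources and any(a.endswith(":*") for a in actions):
            findings.append((idx, ", ".join(a for a in actions if a.endswith(":*")) + " allowed on Resource '*'"))
    return findings

def security_group_findings(group):
    """Return (port label, cidr) for ingress rules reachable from the whole Internet
    (prefix length 0) on anything other than a single HTTP/HTTPS port."""
    findings = []
    for rule in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ipaddress.ip_network(cidr).prefixlen != 0:
                continue  # scoped to a network, not "from anywhere"
            if rule["IpProtocol"] == "-1":  # all protocols and ports; no port keys present
                findings.append(("all traffic", cidr))
            elif not (rule["FromPort"] == rule["ToPort"] and rule["FromPort"] in PUBLIC_WEB_PORTS):
                findings.append((f"{rule['IpProtocol']}/{rule['FromPort']}-{rule['ToPort']}", cidr))
    return findings
```

Running both functions over the samples reports the iam:* statement, the full-admin statement, SSH open to the world and the all-traffic IPv6 rule, while the scoped database rule and the public HTTPS rule pass.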

Information Gathering and Reconnaissance

  • DNS Hosts and Domains
  • IPv4 and IPv6 Addresses
  • Exposed Ports and Services
  • Accounts, Regions and Availability Zones
  • Features Implemented and Services in Use
  • Identity and Access Management (IAM) Enumeration and Mapping

Configuration

  • Infrastructure as Code Pipelines
  • Configuration Management
  • Serverless Applications
  • Multi-Account and Multi-Cloud Implementations
  • Network ACLs and Security Groups
  • Server-Side Request Forgery (SSRF) Protections
  • Continuous Integration and Continuous Delivery (CI/CD) Pipelines

Authorization

  • RBAC Implementation
  • Overly Permissive Roles
  • Unmaintained Roles and Groups
  • Privilege Escalation Patterns from Internal Components and Personnel

Authentication

  • SSO Configuration
  • Multi-Factor Authentication
  • Session Lifetimes
  • Password Policies
  • Bruteforce Protection on Public Services
  • Missing Authentication Checks

Cryptography

  • Key Management and Rotation
  • Database and Bucket Encryption
  • TLS Implementation Between Services
  • TLS Configuration For Public Endpoints

Data Protection

  • Bucket ACLs, Permissions and Logging
  • Encryption of Credentials and Sensitive Data in Transit and At Rest
  • Excess Data Storage
  • PII & Geolocation Data Management

Data Exfiltration

  • Insufficient Network ACLs
  • Missing Network Isolation or Segregation Layers
  • Plaintext-protocol Services
  • Insecure Network Design and Operational Practices That Facilitate Lateral Movement

Our Research Articles

Research is one of our founding principles and we invest in it heavily. All of our researchers have the privilege to use 25% of their time exclusively for self-directed research.
