Microsoft Cloud Security Penetration Testing: 5-Day Assessment

BDO Digital, LLC

OSCP Certified Ethical Hackers from BDO will perform penetration tests on your Microsoft environment and test the configuration of Microsoft Defender, Microsoft Sentinel, and Microsoft Purview.

OSCP-certified ethical hackers from BDO will perform penetration tests on your Microsoft environment and your Microsoft Azure and Microsoft 365 setup to carefully test for vulnerabilities and configuration errors and to identify other cybersecurity risks. The use and design of the correct protection measures, such as Microsoft Defender, Microsoft Sentinel, and Microsoft Intune, will be tested and examined.

The Ethical Hacking Test
White Box | White Box tests are performed based on information known in advance, such as login details, which allows for more specific testing of certain elements.
Gray Box | In Gray Box testing, limited information is known about the infrastructure of an environment. These tests allow us to examine the infrastructure and determine what still needs to be tested.
Black Box | In a Black Box investigation, no information about the environment is known in advance. In this scenario, security is tested without prior knowledge of the environment.
Custom | For specific wishes, sensitive environments, or multidisciplinary assignments such as Red or Purple Teaming, a tailor-made proposal will be given in consultation.

Performance
Clear coordination of the scope and objective of a security and/or penetration test will take into account industry specifics, company and environmental characteristics, and a threat analysis through a joint assessment of the potential cybersecurity threats. Test design can be with or without "credentials" and is focused on one or more specific environments. These tests search for sensitive information such as financial data or IP, accessible systems, network infrastructure, certain applications, etc. The tests are implemented based on best practice, the right tools, and specific expertise according to (international) standards such as OWASP and NIST 800-115. Testing examines the correct implementation of frameworks (ISO 27001, NIST, BIO or NEN) or specific framework requirements such as DigiD or PCI DSS, and identifies vulnerabilities in applications and infrastructure. Penetration testing, among other things, aims to gain access to the applications, systems, and data in scope.

Delivery
A thorough test tailored to customer needs, scope, and threats will be delivered.

The test will include:
Support for audit purposes
Clear report with a heatmap and understandable language
Clear context of Common Vulnerabilities and Exposures (CVE)
Immediate response to serious vulnerabilities
Clear and aligned risk rating and explanation of impact
Points for improvement and clear advice on the design of Microsoft Azure and Microsoft 365
Advice on the application of Microsoft Defender, Microsoft Sentinel, Microsoft Intune, and Microsoft Purview
Management summary
