DevOps Penetration Testing

In addition to performing manual testing for an application, Veracode DevOps Penetration Testing can improve the following:

Infrastructure

  • Datacenter attack surfaces (proprietary or cloud-based) including:

    • Architecture that hosts applications
    • Border-security devices
    • Communication systems (PBX and routing)
    • Unknown, or rogue, servers or services
  • Microservices and related interactions

  • Searches for major sources of data leaks and breaches, such as the following:

    • Misconfigured AWS S3 buckets
    • Exposed MongoDB instances
    • Elasticsearch databases

    Veracode DevOps Penetration Testing also uses Open Source Intelligence (OSINT) techniques to find vulnerabilities in infrastructure.

Application developers

  • Use of Open Source Intelligence (OSINT) techniques to conduct GitHub repository and Stack Overflow analysis for the following:
    • Exposed credentials
    • Exposed sensitive data related to application development
    • Job boards
    • Other potential problem areas
    • Locating information vulnerable to targeted phishing or social engineering attacks on developers and the organization

Veracode DevOps Penetration Testing meets PCI DSS 11.3 and GDPR Article 32 compliance requirements.