DevOps Penetration Testing
In addition to performing manual testing for an application, Veracode DevOps Penetration Testing can improve the following:
Infrastructure
- Datacenter attack surfaces (proprietary or cloud-based) including:
  - Architecture that hosts applications
  - Border-security devices
  - Communication systems (PBX and routing)
  - Unknown, or rogue, servers or services
- Microservices and related interactions
- Searches for major sources of data leaks and breaches, such as the following:
  - Misconfigured AWS S3 buckets
  - Exposed MongoDB instances
  - Elasticsearch databases
Veracode DevOps Penetration Testing also uses Open Source Intelligence (OSINT) techniques to find vulnerabilities in infrastructure.
Application developers
- Use of Open Source Intelligence (OSINT) techniques to conduct GitHub repository and Stack Overflow analysis for the following:
  - Exposed credentials
  - Exposed sensitive data related to application development
  - Job boards
  - Other potential problem areas
- Locating information vulnerable to targeted phishing or social engineering attacks on developers and the organization
Veracode DevOps Penetration Testing meets PCI DSS 11.3 and GDPR Article 32 compliance requirements.