Troubleshooting

Cloud services scanning and compliance audit

Cloud providers such as AWS offer RDS (Relational Database Service), a managed service for databases. Using a managed service makes it easier to install and maintain a database. However, security assessment can be more challenging for such databases, because the vendor seals them off.

For example, it might not be possible to access a system schema to determine if a database is vulnerable or not.

Cloud services can be provided as-a-service, which might mean that neither IP addresses nor a web app URL are available; only a hostname and port are.

  1. The associated IPs are dynamic and can change, so you can’t scan them.
  2. Even if you can find an IP, scanning it is not accurate, because it might change the next minute and your RDS instance is also spread out over several IP addresses.

In this case it is more relevant to audit the cloud service.

Each cloud provider has its own recommendations on how to do so, for example AWS (external links):

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/RDS-compliance.html
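
As an added illustration (not part of the original page or of AWS's guidance), the sketch below shows what auditing the service instead of scanning an IP can look like: it checks instance settings in the JSON shape returned by `aws rds describe-db-instances`. The chosen checks, the retention threshold and the sample instances are assumptions made for this example.

```python
import json

# Illustrative checks chosen for this example (an assumption, not an official
# AWS baseline). Each maps a describe-db-instances field to its expected value.
EXPECTED = {
    "PubliclyAccessible": False,
    "StorageEncrypted": True,
    "DeletionProtection": True,
    "AutoMinorVersionUpgrade": True,
    "IAMDatabaseAuthenticationEnabled": True,
}
MIN_BACKUP_RETENTION_DAYS = 7  # assumed policy threshold


def audit_rds_instances(describe_output):
    """Return (instance_id, field, actual) for every setting that fails a check."""
    findings = []
    for db in describe_output.get("DBInstances", []):
        name = db.get("DBInstanceIdentifier", "<unknown>")
        for field, expected in EXPECTED.items():
            actual = db.get(field)  # a missing field is reported as None
            if actual != expected:
                findings.append((name, field, actual))
        retention = db.get("BackupRetentionPeriod", 0)
        if retention < MIN_BACKUP_RETENTION_DAYS:
            findings.append((name, "BackupRetentionPeriod", retention))
    return findings


# Constructed sample in the shape of `aws rds describe-db-instances` output.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "example-prod-db", "PubliclyAccessible": false,
   "StorageEncrypted": true, "DeletionProtection": true,
   "AutoMinorVersionUpgrade": true, "IAMDatabaseAuthenticationEnabled": true,
   "BackupRetentionPeriod": 14},
  {"DBInstanceIdentifier": "example-test-db", "PubliclyAccessible": true,
   "StorageEncrypted": false, "DeletionProtection": true,
   "AutoMinorVersionUpgrade": true,
   "BackupRetentionPeriod": 0}
]}
""")

if __name__ == "__main__":
    for instance, field, actual in audit_rds_instances(SAMPLE):
        print(f"{instance}: {field} = {actual!r}")
```

Because the input is the provider's own description of the instance, the result does not depend on which IP addresses the hostname resolves to at any given moment.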