This is to certify that SecIQ Technologies has performed a Cloud Security Assessment from 14-Oct-2025 to 03-Nov-2025 for the uKnowva AWS Cloud Infrastructure.
Executive Summary
Scope of Testing:
The scope of this assessment was limited to the uKnowva AWS Cloud Infrastructure. The following AWS services were covered during the assessment:
- EC2
- RDS
- S3
- CloudFront
- CloudTrail
- ELBv2
- IAM
- VPC
- WAFv2
- Inspector2
The cloud infrastructure was tested for compliance with cloud security best practices, misconfiguration detection, and adherence to recommended AWS security guidelines.
Findings & Summary
The uKnowva cloud environment was thoroughly assessed to identify potential security misconfigurations, weak access controls, exposure risks, and deviations from AWS best practices.
Several security issues were identified during the assessment. All High-severity issues were remediated and verified as Closed during retesting. These included:
- Security Groups configured with all ports open to the public
- EC2 instances missing IMDSv2 enforcement, increasing metadata exposure risk
- IAM roles without confused deputy protection
- SNS topics found unencrypted, risking data leakage
- CloudTrail disabled, reducing audit visibility and incident traceability
All High-severity items have been remediated successfully.
Business-Critical Risks
The uKnowva AWS Cloud Infrastructure was identified to have the following business-critical risks. All of the issues listed below have been closed after remediation and validation:
- Security Group configurations allowed 0.0.0.0/0 or ::/0 access, increasing the attack surface
- IMDSv2 was disabled on EC2 instances, exposing the environment to SSRF-based metadata theft
- IAM Service Roles lacked confused deputy protection, enabling unauthorized role assumption
- Multiple SNS topics were unencrypted, exposing sensitive notifications
- CloudTrail was disabled, reducing the ability to detect, track, or investigate unauthorised activities
Approach
This assessment was conducted using a cloud security audit approach from the perspective of both authenticated and unauthenticated cloud users. All testing activities simulated the actions of malicious actors while ensuring that no disruption occurred to production systems.
The assessment involved both manual evaluation and open-source automated tools. The following phases were covered:
- Cloud Scans
- Cloud Security Audit & Configuration Review
- Triage & Exploitation
- Report Generation & Review
Tools and techniques were used to validate cloud misconfigurations, IAM weaknesses, logging and monitoring gaps, network exposures, and storage-level controls.

Assessment Report (Summary)
All High-severity findings identified in the assessment have been resolved and verified as closed. The uKnowva AWS Infrastructure now aligns more closely with AWS security best practices within the tested scope.
If you encounter any issues, please write to our support team, who will be happy to assist you!



