Redbot Security's Cloud Security Assessment (CSR) is a professional services offering that evaluates cloud infrastructure across AWS, GCP, and Azure environments. The assessment uses a whitebox (open-security) approach, requiring authorized access to the cloud environment to inspect consoles, run queries, and analyze configurations in detail. The service maps the cloud-based attack surface from both internal and external perspectives, identifying misconfigurations, excessive permissions, and exploitable weaknesses. It simulates real-world attack scenarios to expose security gaps that could lead to data breaches or unauthorized access. Reviews are conducted manually by senior engineers rather than relying primarily on automated tooling, given the contextual understanding required for each unique environment. The CSR covers the following review areas: - AWS: IAM policies, S3 bucket permissions, VPC configurations, and logging - Azure: Role-based access control, resource groups, networking, and storage - GCP: IAM roles, project structure, cloud storage, and network configuration - Firewall Configuration: Rulesets, access controls, segmentation policies, and change management - Container Security: Docker and Kubernetes image security, runtime configurations, orchestration policies, and cluster exposures - CI/CD Pipeline: Build and deployment pipelines for credential exposure, insecure code handling, and supply chain risks Infrastructure components reviewed include virtual networks/VPCs, VMs/EC2 instances, user and admin permissions, compute services, container services, database services, storage services, and management services. The CSR is explicitly not a penetration test but focuses on configuration analysis and security best practices guidance.