Skip to the content
  • Why Vertex
    • Expertise in Education
    • Your Trusted Partner
    • Humanitix Case Study
    • Give Back
    • Careers
  • Penetration Testing
  • ISO27001
  • Cyber Training
  • Solutions
    • Cyber Security Audit
    • Incident Response
    • Managed Services
  • News
  • Contact
  • Why Vertex
    • Expertise in Education
    • Your Trusted Partner
    • Humanitix Case Study
    • Give Back
    • Careers
  • Penetration Testing
  • ISO27001
  • Cyber Training
  • Solutions
    • Cyber Security Audit
    • Incident Response
    • Managed Services
  • News
  • Contact
LOG IN

Is it necessary to penetration test a website hosted on the cloud?

hand with cloud security and padlock

Cloud hosting (such as with AWS, Azure Cloud, etc) is relatively new, and has quickly superseded traditional methods of website hosting. But how is cloud hosting different? Are there security advantages? And is penetration testing still necessary?

Prior to cloud hosting, there were two primary methods for hosting a website – maintaining a physical server, or using a web hosting company. Regardless of the method used, this meant that the website was located on a single physical which ‘served’ the site to anyone wanting to access it. Cloud hosting on the other hand, hosts websites on multiple interconnected web servers.

Advantages of cloud hosting

One advantage of cloud hosting is there is no single point of failure. If a natural disaster or hardware failure renders one server inoperable, the other servers can substitute it, resulting in greater server uptime (the amount of time a system is running and available, opposed to being inaccessible due to maintenance, hardware failure, etc.). Users will also experience faster load speeds as these servers are dispersed, meaning that there is less distance between users and the server they’re fetching the website from.

The Cloud also makes scalability incredibly easy, as resources such as storage and RAM can be increased or reduced with the click of a button. Compare this to maintaining your own server, where increasing resources such as processing power (CPU) would involve replacing physical hardware within the server. Not only does this result in downtime as the server is upgraded, but any unutilised processing power would be wasted.

Security on The Cloud

But what about security? Well there are some security benefits to hosting a website on the cloud, primarily due to virtualization – meaning your data is segmented, reducing the ease at which an intruder can access to different data. For the vast majority of security concerns however, cloud hosting is exactly the same as traditional hosting.

Take for example, third party software. Many servers will be running software such as Nginx and Apache. This software can, and often does, have security vulnerabilities which are routinely patched. If these patches aren’t applied, your server is vulnerable (and generally speaking, no – your cloud provider does not patch your server for you). This software must also be securely configured. Misconfigurations (and other things such as weak passwords) can leave otherwise secure software vulnerable. Unneeded ports should also be closed, as open ports give attackers a means through which to communicate with your server.

If that wasn’t enough, websites themselves offer plenty of opportunities for attackers. They’re often exploited to steal sensitive data, defaced, or even brought under the attacker’s control and used to launch further attacks (such as being used as part of a botnet – a network of computers controlled by a malicious actor). This is because websites are built from code, and the people writing that code often make mistakes – which create vulnerabilities. Once again, cloud hosting providers provide no form of security verification or testing of the websites hosted on their servers (though they will take-down any site discovered to be malicious). Cloud hosted websites should therefore be penetration tested – and this is the sole responsibility of the owner.

As you can see, from a security perspective, it really doesn’t matter whether a website is hosted on a company’s own physical servers, with a hosting company, or in the cloud. Cloud providers may provide some layers of security, such as WAFs (web application firewalls), but ultimately, the management of security is entirely up to whoever is renting the server, and penetration testing is absolutely necessary. Vertex Cyber Security is a CREST ANZ certified penetration tester, and are happy to answer any queries you may have via phone 1300 2 CYBER (29237) or email .

If you’d like to learn about the different types of penetration testing and the difference between them, be sure to check out our blog post.

CATEGORIES

Cloud - Cyber Attack - Cyber Security - Hosting - Penetration Testing - Vulnerability

TAGS

cloud - cyber security - ethical hacking - penetration testing

SHARE

PrevPrevious‘Hey Mum’ Scam
NextWhat is DISP (Defence Industry Security Program)?Next

Follow Us!

Facebook Twitter Linkedin Instagram
Cyber Security by Vertex, Sydney Australia

Your partner in Cyber Security.

Terms of Use | Privacy Policy

Accreditations & Certifications

blank
blank
blank
blank
blank
  • 1300 229 237
  • Suite 13.04 189 Kent Street Sydney NSW 2000 Australia
  • 121 King St, Melbourne VIC 3000
  • Lot Fourteen, North Terrace, Adelaide SA 5000
  • Level 2/315 Brunswick St, Fortitude Valley QLD 4006, Adelaide SA 5000

(c) 2025 Vertex Technologies Pty Ltd.

download (2)
download (4)

We acknowledge Aboriginal and Torres Strait Islander peoples as the traditional custodians of this land and pay our respects to their Ancestors and Elders, past, present and future. We acknowledge and respect the continuing culture of the Gadigal people of the Eora nation and their unique cultural and spiritual relationships to the land, waters and seas.

We acknowledge that sovereignty of this land was never ceded. Always was, always will be Aboriginal land.