Securing Airline Commerce: Penetration Testing for AWS Cloud Infrastructure

This case study details the engagement of a global travel technology provider with Bishop Fox to conduct penetration testing and PCI segmentation testing for its AWS cloud infrastructure. The primary objective was to validate the effectiveness of PCI segmentation controls and identify high- and critical-risk exposures that had not been previously detected. The customer had concerns about potential misconfigurations and segmentation gaps within their cardholder data environments, which were exacerbated by the complexity of their expanding cloud footprint. The assessment confirmed these concerns, uncovering previously unknown vulnerabilities and attack paths that could expose sensitive data. The engagement resulted in actionable findings that enabled the customer to take immediate corrective actions, improve their PCI audit readiness, and enhance their overall security posture. The collaboration provided clarity and depth, allowing the infrastructure team to respond effectively to identified risks.