The document outlines a 7-step methodology for penetration testing the cloud: 1) Ask questions to define the scope, 2) Research the authentication measures of the specific cloud environment, 3) Formulate a threat statement, 4) Test normal operations, 5) Conduct vulnerability testing, 6) Analyze the results, and 7) Propose solutions. The researcher found that user credentials were exposed due to the cloud interface using HTTP instead of HTTPS, allowing an attacker to obtain admin credentials through hacking or social engineering. The proposed solution was to enable HTTPS to secure communications.