6      0

(ISC)² Security Congress 2021 - Career Center & Recordings

1778584 - Pen-Testing Your Cloud Infrastructure Environment

Oct 19, 2021 11:45am ‐ Oct 19, 2021 12:45pm

Credits: None available.


Pen testing is standard security practice for simulating attacks to identify system vulnerabilities, and most industry compliance audits require them. But most pen testing efforts overlook the No. 1 risk in the cloud: misconfiguration. In this session, we will walk through pen testing your cloud security posture - what it looks like, how to approach it in-house, and how to evaluate vendors to ensure they understand cloud misconfiguration and how to exploit it. This session will provide security professionals with a framework for approaching pen testing cloud environments and feature real-world misconfiguration exploits and actionable information you can use to begin incorporating your cloud attack surface in your pen testing plan.

Learning Objectives:
  • Define the differences between traditional pen testing and cloud pen testing and how to think like a hacker in pen testing cloud environments.
  • Describe cloud misconfiguration attacks, and perform internal cloud security testing and vulnerability assessments.
  • Define a bounty-driven exercise to employ white hat hackers to probe your cloud environment to identify vulnerabilities that compliance and security tools can miss.


Tags: Intermediate


  • 1.00 - CPE

You must be logged in and own this session in order to post comments.