6      0

(ISC)² Security Congress 2021 - Career Center & Recordings

1778584 - Pen-Testing Your Cloud Infrastructure Environment


Oct 19, 2021 11:45am ‐ Oct 19, 2021 12:45pm



Credits: None available.

Description

Pen testing is standard security practice for simulating attacks to identify system vulnerabilities, and most industry compliance audits require them. But most pen testing efforts overlook the No. 1 risk in the cloud: misconfiguration. In this session, we will walk through pen testing your cloud security posture - what it looks like, how to approach it in-house, and how to evaluate vendors to ensure they understand cloud misconfiguration and how to exploit it. This session will provide security professionals with a framework for approaching pen testing cloud environments and feature real-world misconfiguration exploits and actionable information you can use to begin incorporating your cloud attack surface in your pen testing plan.

Learning Objectives:
  • Define the differences between traditional pen testing and cloud pen testing and how to think like a hacker in pen testing cloud environments.
  • Describe cloud misconfiguration attacks, and perform internal cloud security testing and vulnerability assessments.
  • Define a bounty-driven exercise to employ white hat hackers to probe your cloud environment to identify vulnerabilities that compliance and security tools can miss.

Speaker(s):

Tags: Intermediate

Credits

  • 1.00 - CPE

You must be logged in and own this session in order to post comments.