Pen testing is standard security practice for simulating attacks to identify system vulnerabilities, and most industry compliance audits require them. But most pen testing efforts overlook the No. 1 risk in the cloud: misconfiguration.
In this session, we will walk through pen testing your cloud security posture - what it looks like, how to approach it in-house, and how to evaluate vendors to ensure they understand cloud misconfiguration and how to exploit it.
This session will provide security professionals with a framework for approaching pen testing cloud environments and feature real-world misconfiguration exploits and actionable information you can use to begin incorporating your cloud attack surface in your pen testing plan.
Define the differences between traditional pen testing and cloud pen testing and how to think like a hacker in pen testing cloud environments.
Describe cloud misconfiguration attacks, and perform internal cloud security testing and vulnerability assessments.
Define a bounty-driven exercise to employ white hat hackers to probe your cloud environment to identify vulnerabilities that compliance and security tools can miss.