12      0


1778584 - Pen-Testing Your Cloud Infrastructure Environment


‐ Oct 19, 2021 11:45am

Pen testing is standard security practice for simulating attacks to identify system vulnerabilities, and most industry compliance audits require them. But most pen testing efforts overlook the No. 1 risk in the cloud: misconfiguration. In this session, we will walk through pen testing your cloud security posture - what it looks like, how to approach it in-house, and how to evaluate vendors to ensure they understand cloud misconfiguration and how to exploit it. This session will provide security professionals with a framework for approaching pen testing cloud environments and feature real-world misconfiguration exploits and actionable information you can use to begin incorporating your cloud attack surface in your pen testing plan.

Learning Objectives:

  • Define the differences between traditional pen testing and cloud pen testing and how to think like a hacker in pen testing cloud environments.
  • Describe cloud misconfiguration attacks, and perform internal cloud security testing and vulnerability assessments.
  • Define a bounty-driven exercise to employ white hat hackers to probe your cloud environment to identify vulnerabilities that compliance and security tools can miss.

Speaker(s):

Tags:

Intermediate

You must be logged in and own this session in order to post comments.