Cloud Assessments
Aakash Goel & Ankit Arora
Security Compass
Reality Check.
Cloud is real.
• Net worth of software market affected by cloud computing - US$384 billion [1] and growing.
• Bridging the cost-computing gap
• Automation
• Agility
• Disaster Recovery
• Centralised Control
• Visibility
Industry Leaders
Shared Responsibility Model
Customer - Security ‘in’ the cloud
Provider - Security ‘of’ the cloud
Cloud Pentest
• Configurations
• Access Control
• Sensitive data at rest
• Log Visibility
What to look at
01 Knowing what services you have running.
02 Knowing what resources those services create: are they making instances, endpoints, other things? What are the default configurations of those resources?
03 Making sure you are testing the right thing. Testing the authentication checks that something like API Gateway enforces is a fruitless endeavour: you are testing the cloud more than your actual code.
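An offline check for the review described above, added here as an example that is not part of the original slides: it takes a constructed snapshot of one S3 bucket's settings and reports findings under three of the areas listed under Cloud Pentest. The snapshot layout, the bucket name and the function names are assumptions made for this example.

```python
import json

# Constructed sample: one S3 bucket's settings, shaped like the output of
# get-bucket-policy, get-bucket-encryption and get-bucket-logging.
# The bucket name and IP range are placeholders.
SNAPSHOT = {
    "name": "example-assessment-bucket",
    "policy": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-assessment-bucket/*"},
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-assessment-bucket",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    ]}),
    "encryption": None,  # no default encryption rule recorded
    "logging": {},       # no LoggingEnabled key: access logging is off
}

def is_wildcard(principal):
    """True when a policy Principal matches every caller."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def review_bucket(snap):
    """Return (area, finding) pairs, using the slide's area names."""
    findings = []
    policy = json.loads(snap["policy"]) if snap.get("policy") else {}
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for i, st in enumerate(statements):
        open_allow = st.get("Effect") == "Allow" and is_wildcard(st.get("Principal"))
        if open_allow and not st.get("Condition"):
            findings.append(("Access Control",
                             f"statement {i} allows any principal with no Condition"))
    if not snap.get("encryption"):
        findings.append(("Sensitive data at rest", "no default encryption"))
    if "LoggingEnabled" not in (snap.get("logging") or {}):
        findings.append(("Log Visibility", "server access logging is off"))
    return findings

if __name__ == "__main__":
    for area, finding in review_bucket(SNAPSHOT):
        print(f"[{area}] {finding}")
```

The second policy statement is not reported because its Condition narrows the wildcard principal; whether that condition is tight enough is still a judgement for the reviewer.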
Automated Tools
AWS Trusted Advisor
AWS Config
Scout2
Prowler
Security Monkey
Cloud Custodian
CloudSploit
AWS vs GCP vs Azure
• Security Views
• Technical Jargon
• Tooling
Flaws Challenge
http://flaws.cloud
We’re hiring
Associates - https://grnh.se/f5j5jxo51
Consultants - https://grnh.se/a0xc7kv41
Seniors - https://grnh.se/ix4fx2is1