
Where to practice ethical hacking on Cloud setup?

Helpful resources

Cloud penetration testing assesses the strengths and weaknesses of a cloud environment or system in order to improve its overall security posture. It is an attack simulation performed to find exploitable vulnerabilities or misconfigurations in a cloud-based system.


Before practicing cloud security or cloud penetration testing, learn the basics of cloud computing: what the cloud and cloud computing are, the types of cloud, the service models, the cloud service providers, the advantages and disadvantages, and so on.


Cloud-based testing, or cloud penetration testing, is an approach that uses cloud-based tools to emulate real-world user traffic and environments for testing any type of application, network and infrastructure. Cloud security vulnerabilities include insecure APIs, supply chain attacks, data exfiltration, man-in-the-middle (MitM) attacks, misconfigured instances, misconfigured cloud storage, poor access management and privileged account access.


OWASP Top 10 Cloud Security Risks :


  • R1. Accountability & Data Risk

  • R2. User Identity Federation

  • R3. Legal & Regulatory Compliance 

  • R4. Business Continuity & Resiliency 

  • R5. User Privacy & Secondary Usage of Data 

  • R6. Service & Data Integration 

  • R7. Multi-tenancy & Physical Security 

  • R8. Incidence Analysis & Forensics 

  • R9. Infrastructure Security 

  • R10. Non-production Environment Exposure

Links

Cloud Computing Tutorials : 

https://www.javatpoint.com/cloud-computing-tutorial


OWASP Cloud Top10 Security Risks :

https://owasp.org/www-pdf-archive/OWASP_Cloud_Top_10.pdf


OWASP Cloud-Native Application Security Top 10 :

 https://owasp.org/www-project-cloud-native-application-security-top-10/


Cloud Setup :

https://hackingthe.cloud/

https://github.com/Hacking-the-Cloud/hackingthe.cloud


AWS Security Primer :

https://cloudonaut.io/aws-security-primer/


Cloud Vulnerable Environments :

Online:

http://flaws.cloud/

http://flaws2.cloud/


Offline:

AWSGoat : https://github.com/ine-labs/AWSGoat

Cloudgoat : https://github.com/RhinoSecurityLabs/cloudgoat

DVCA : https://github.com/m6a-UdS/dvca

AWS Detonation Lab : https://github.com/sonofagl1tch/AWSDetonationLab

AWS Vulnerable Lambda : https://github.com/torque59/AWS-Vulnerable-Lambda

Cloudgoat Setup and Walkthrough : https://resources.infosecinstitute.com/topic/working-with-cloudgoat-the-vulnerable-by-design-aws-environment/

https://rhinosecuritylabs.com/aws/cloudgoat-walkthrough-rce_web_app/


YouTube :

Cloud Security Explained : https://www.youtube.com/watch?v=gTPjwkXt20k

Cloud Penetration Testing Workshop | SANS : https://www.youtube.com/watch?v=fiSJQfiS21c

AWS Penetration Testing and Lab Setup : https://youtube.com/playlist?list=PLaF-mVL3srXy4qhzqfPozYzIs4Rq-oNKI

Hacking Cloud - AWS(Cloudgoat) : https://www.youtube.com/watch?v=P1Bv6dfB0Vo

AWSGoat Installation and Exploitation : https://www.youtube.com/playlist?list=PLcIpBb4raSZEMosUmY8KpxPWtjKRMSmNx
