Cloud 101CircleEventsBlog
Register now for CSA’s free Virtual AI Summit taking place January 17-18th

Download Publication

Cloud Penetration Testing Playbook
Cloud Penetration Testing Playbook

Cloud Penetration Testing Playbook

Release Date: 07/12/2019

Working Groups: Top Threats Data Security

As cloud services continue to enable new technologies and see massive adoption there is a need to extend the scope of penetration testing into public cloud systems and components. The process described here aims to provide the foundation for a public cloud penetration testing methodology and is designed for current and future technologies that are hosted on public cloud environments or services. In particular, this document focuses on penetration testing of applications and services hosted in the cloud. It addresses the methodological and knowledge gaps in security testing of information systems and applications in public cloud environments.

This work focuses on testing systems and services hosted in public cloud environments. This refers to customer-controlled or customer-managed systems and services. For example, a custom virtual machine, managed and controlled by the cloud customer, in an IaaS environment would be in-scope whereas the hypervisor of an IaaS environment that is controlled by the cloud service provider isn’t. As for testing hybrid clouds, this document does not cover the hybrid interface and on-premises environment.
Download this Resource

Prefer to access this resource without an account? Download it now.

Bookmark
Share
View translations
Related resources
How to Design a Secure Serverless Architecture
How to Design a Secure Serverless Architecture
Data Loss Prevention in Healthcare
Data Loss Prevention in Healthcare
What is IAM for the Cloud?
What is IAM for the Cloud?
Mastering Data Flow: Enhancing Security and Compliance in the Cloud
Mastering Data Flow: Enhancing Security and Compliance in the Cloud
Published: 12/01/2023
A People-Centric Approach to Patching the Human Firewall
A People-Centric Approach to Patching the Human Firewall
Published: 11/29/2023
Not Just Code Vulnerabilities: The Overlooked Cause of Software Supply Chain Attacks
Not Just Code Vulnerabilities: The Overlooked Cause of Software Sup...
Published: 11/29/2023
Artificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
Published: 11/27/2023
The Need for Intelligence-Driven Incident Response
The Need for Intelligence-Driven Incident Response
December 7 | Online
The Need for Intelligence-Driven Incident Response
The Need for Intelligence-Driven Incident Response
December 7 | Online

Acknowledgements

Michael Roza
Michael Roza
Head of Risk, Audit, Control and Compliance

Michael Roza

Head of Risk, Audit, Control and Compliance

Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...

Read more

Victor Chin Headshot Missing
Victor Chin

Victor Chin

This person does not have a biography listed with CSA.

Jon-Michael Brook
Jon-Michael Brook

Jon-Michael Brook

Jon-Michael C. Brook, Principal at Guide Holdings, LLC, has 20 years of experience in Information Security with such organizations as Raytheon, Northrop Grumman, Booz Allen Hamilton, Optiv Security and Symantec. Mr. Brook's work traverses the government, financial, healthcare, gaming, oil and gas and pharmaceutical industries. Mr. Brook obtained a number of industry certifications, including CISSP and CCSK, has patents and trade secrets in...

Read more

Greg Jensen Headshot Missing
Greg Jensen

Greg Jensen

This person does not have a biography listed with CSA.

Asaf Hecht Headshot Missing
Asaf Hecht

Asaf Hecht

This person does not have a biography listed with CSA.

Shlomi Ohayon Headshot Missing
Shlomi Ohayon

Shlomi Ohayon

This person does not have a biography listed with CSA.

Chris Farris Headshot Missing
Chris Farris

Chris Farris

This person does not have a biography listed with CSA.

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training