Cloud Penetration Testing Playbook
Release Date: 07/12/2019
Working Group: Top Threats
This work focuses on testing systems and services hosted in public cloud environments. This refers to customer-controlled or customer-managed systems and services. For example, a custom virtual machine, managed and controlled by the cloud customer, in an IaaS environment would be in-scope whereas the hypervisor of an IaaS environment that is controlled by the cloud service provider isn’t. As for testing hybrid clouds, this document does not cover the hybrid interface and on-premises environment.
CSA is a community driven organization. We would like to send you updates about our ongoing initiatives and opportunities to participate.
Provide feedback on this form