Cloud Penetration Testing Playbook

Release Date: 07/12/2019

Working Groups: Top Threats Data Security

As cloud services continue to enable new technologies and see massive adoption, there is a need to extend the scope of penetration testing into public cloud systems and components. The process described here aims to provide the foundation for a public cloud penetration testing methodology and is designed for current and future technologies that are hosted on public cloud environments or services. In particular, this document focuses on penetration testing of applications and services hosted in the cloud. It addresses the methodological and knowledge gaps in security testing of information systems and applications in public cloud environments.

This work focuses on testing systems and services hosted in public cloud environments. This refers to customer-controlled or customer-managed systems and services. For example, a custom virtual machine, managed and controlled by the cloud customer, in an IaaS environment would be in-scope whereas the hypervisor of an IaaS environment that is controlled by the cloud service provider isn’t. As for testing hybrid clouds, this document does not cover the hybrid interface and on-premises environment.

Acknowledgements

Michael Roza
Head of Risk, Audit, Control and Compliance

Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...

Victor Chin

Jon-Michael Brook

Jon-Michael C. Brook, Principal at Guide Holdings, LLC, has 20 years of experience in Information Security with such organizations as Raytheon, Northrop Grumman, Booz Allen Hamilton, Optiv Security and Symantec. Mr. Brook's work traverses the government, financial, healthcare, gaming, oil and gas and pharmaceutical industries. Mr. Brook obtained a number of industry certifications, including CISSP and CCSK, has patents and trade secrets in...

Greg Jensen

Asaf Hecht

Shlomi Ohayon

Chris Farris
