CSA Official Press Release
Published 07/12/2019
Cloud Security Alliance Releases Cloud Penetration Testing Playbook
Reports provides foundation for public cloud penetration testing methodology
SEATTLE – July 12, 2019 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released the Cloud Penetration Testing Playbook. Developed by the CSA Top Threats Working Group, the playbook addresses the methodological and knowledge gaps in the security testing of information systems and applications in public cloud environments with a focus on penetration testing of cloud-hosted applications and services. By providing advice on key topics the report aims to help mature cloud penetration testing and, in the process, create a more secure cloud computing environment.
The playbook represents a collective effort to provide guidance for the penetration testing of systems in public cloud environments and allows penetration testers to use the document’s objectives to test the security of public cloud systems and environments. It also touches legal and other associated concerns, aiming to educate key decision makers on the complexities of penetration testing in a multi-stakeholder, layered information technology stack.
"As cloud services become ever more integral to critical business capabilities, as well as foundational for many cloud-native businesses, it is past time we lift the veil on offensive cloud security and testing. In this publication, some of world’s leading cloud security experts and CSA proudly deliver this exclusive knowledge from the domain of the skilled few to the benefit of everyone," said Alexander Getsin, lead author and industry cyber security architect.
The CSA Top Threats Working Group, co-chaired by Jon-Michael Brook, principal contributor in the industry and CSA Research Fellow, was established to provide organizations with an up-to-date, expert-informed understanding of cloud security risks, threats and vulnerabilities in order to make educated risk-management decisions regarding cloud adoption strategies. Individuals interested in becoming involved in the future research and initiatives of this group are invited to do so by visiting the Join page.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.