What We Discuss with Nishant Sharma:
- 00:00 Introduction
- 03:51 https://snyk.io/csp
- 04:51 What is Cloud Pentesting?
- 06:19 Cloud pentesting vs Web App & Network
- 08:37 What is AWS Goat?
- 13:12 Do you need permission from AWS to do pentesting?
- 14:03 Pentesting an application vs pentesting AWS S3
- 15:40 What is AWS Goat testing?
- 18:14 Cloud penetration testing tools
- 19:59 How useful is the metadata of a cloud instance?
- 22:24 AWS Pentesting and OWASP Top 10
- 25:31 How to build internal training for Cloud Security?
- 29:43 Keep building knowledge on AWS Goat
- 30:33 Using CloudShell for AWS pentesting
- 34:09 ChatGPT for cloud pentesting
- 36:28 Vulnerable serverless application
- 39:40 Pentesting Amazon ECS
- 43:01 How do you protect against ECS misconfigurations?
- 47:38 What is the future plan for AWS Goat?
- 50:28 Fun Questions
THANKS, Nishant Sharma!
If you enjoyed this session with Nishant Sharma, let him know by clicking on the link below and sending him a quick shout-out at his website:
And if you want us to answer your questions on one of our upcoming weekly Feedback Friday episodes, drop us a line at firstname.lastname@example.org.
Resources from This Episode
- AWS Goat – https://github.com/ine-labs/AWSGoat
- OWASP.Org – AWS Goat presentation – https://owasp.org/www-chapter-singapore/assets/presos/AWSGoat_-_A_Damn_Vulnerable_AWS_Infrastructure.pdf