Watch Bishop Fox's Seth Art on Episode 188 of Cloud Security Podcast. Cloud configuration review is not a cloud security pen test! Black Hat USA 2023 & DEFCON 31 conversations included Cloud Security Podcast asking traditional and experienced pen testers about their opinion on cloud security pen testing and the divide was between it being a config review or a product pen test. For this episode we have Seth Art from Bishop Fox to clarify the myth.
05:17 A bit about Seth Art
06:44 Network vs Infrastructure Security Pentest
08:00 Internal vs External Network Security Pentest
10:26 Assumed vs Objective Based Pentest
12:51 Is network pen test dead?
14:04 How to approach network and cloud pen tests?
20:12 Cloud pen test is more than config review
24:04 Examples of cloud pen test findings
30:07 Scaling pen tests in cloud
32:25 Traditional skillsets to cloud pen test
36:58 A bit about cloudfoxable
39:31 Cloud pen test and Zero Trust
40:54 Staying ahead of CSP releases
44:31 Third party shared responsibility
47:35 1 fun question
48:36 Boundary for cloud pen test