Watch Bishop Fox's Seth Art on Episode 188 of Cloud Security Podcast. Cloud configuration review is not a cloud security pen test! Black Hat USA 2023 & DEFCON 31 conversations included Cloud Security Podcast asking traditional and experienced penetration testers about their opinion on cloud security pen testing and the divide was between it being a configuration review or a product penetration test. On this episode of Cloud Security Podcast, ⁠Seth Art clarifies the myth.

Discussion with Seth Art:

‍00:00 Introduction
‍05:17 A bit about Seth Art
‍06:44 Network vs Infrastructure Security Pentest
‍08:00 Internal vs External Network Security Pentest
10:26 Assumed vs Objective Based Pentest
‍12:51 Is network pen test dead?
‍14:04 How to approach network and cloud pen tests?
‍20:12 Cloud pen test is more than config review
‍24:04 Examples of cloud pen test findings
‍30:07 Scaling pen tests in cloud
‍32:25 Traditional skillsets to cloud pen test
‍36:58 A bit about cloudfoxable
‍39:31 Cloud pen test and Zero Trust
‍40:54 Staying ahead of CSP releases
‍44:31 Third party shared responsibility
‍47:35 1 fun question
‍48:36 Boundary for cloud pen test