Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

Cloud Security Podcast: Network Pentest 2.0 - The Cloud Pentest Revolution

Cloud configuration review is not a cloud security pen test! Seth Art clarifies the myth on this episode of Cloud Security Podcast.

Watch Bishop Fox's Seth Art on Episode 188 of Cloud Security Podcast. Cloud configuration review is not a cloud security pen test! Black Hat USA 2023 & DEFCON 31 conversations included Cloud Security Podcast asking traditional and experienced penetration testers about their opinion on cloud security pen testing and the divide was between it being a configuration review or a product penetration test. On this episode of Cloud Security Podcast, ⁠Seth Art clarifies the myth.

Discussion with Seth Art:

00:00 Introduction
05:17 A bit about Seth Art
06:44 Network vs Infrastructure Security Pentest
08:00 Internal vs External Network Security Pentest
10:26 Assumed vs Objective Based Pentest
12:51 Is network pen test dead?
14:04 How to approach network and cloud pen tests?
20:12 Cloud pen test is more than config review
24:04 Examples of cloud pen test findings
30:07 Scaling pen tests in cloud
32:25 Traditional skillsets to cloud pen test
36:58 A bit about cloudfoxable
39:31 Cloud pen test and Zero Trust
40:54 Staying ahead of CSP releases
44:31 Third party shared responsibility
47:35 1 fun question
48:36 Boundary for cloud pen test

Seth art

About the author, Seth Art

Principal Security Consultant

Seth Art (OSCP) is a Principal Security Consultant at Bishop Fox, where he currently focuses on penetration testing cloud environments, Kubernetes clusters, and traditional internal networks.

Seth is the author of multiple open-source projects including CloudFox, CloudFoxable, IAM Vulnerable, Bad Pods, celeryStalk, and PyCodeInjection. He has presented at security conferences, including fwd:cloudsec, DerbyCon, and BSidesDC, published multiple CVEs, and is the founder of IthacaSec, a security meetup in upstate NY.

More by Seth

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.