Hear from Bishop Fox's Seth Art in Episode 161 of Cloud Security Podcast as he talks about his extensive experience with cloud penetration testing. If your organization is thinking about getting a pen test done on your AWS account or you want to learn how to pen test in AWS, you don’t want to miss this conversation with Ashish Rajan, Cloud Security Podcast host, and Seth Art.

Discussion with Seth Art:

• 00:00 Introduction
• 04:24 A bit about Seth
• 06:10 Web App Pentesting vs Cloud Pentesting
• 08:11 Working with scale of multiple AWS accounts
• 10:20 What can you expect to find with Cloud Pentesting?
• 12:14 Foundational pieces about approaching pentesting in Cloud
• 15:19 How to start a Cloud Pentest?
• 18:25 The importance of IAM
• 23:43 Common services in AWS to look at
• 25:58 Mistakes people make for scoping
• 29:18 The role of shared responsibility in Cloud Pentesting
• 32:38 Boundaries for AWS pentesting
• 35:13 Nmapping between 2 EC2 instances
• 36:37 How do you explain the findings?
• 40:26 Skillsets required to transition to Cloud Pentesting
• 45:41 Transitioning from Kubernetes to Cloud Pentesting
• 48:55 Resources for learning about Cloud Pentesting.
• 49:47 The Fun Section