Description
For years, computing workloads have steadily shifted to the cloud, with analysts predicting that most companies will soon rely on public and other cloud environments. Even organizations that start with a cloud-first strategy may eventually adopt hybrid cloud and local data center solutions, but cloud usage is not expected to decline. As a result, assessing the security of cloud-delivered services is crucial when evaluating organizational risks. In this course, you’ll learn the latest cloud-focused penetration testing techniques and how to assess cloud environments.
A common question about cloud security is, “Do I need training specifically for cloud penetration testing?” and “Can traditional pen test skills be applied to the cloud?” The answer to both is yes. However, it’s essential to understand why cloud-specific penetration testing is important. In cloud service provider environments, you won’t encounter the familiar data center setup. Ownership of the operating system, infrastructure, and applications is often very different from traditional setups, and they may be hosted on shared environments unique to each provider.
What sets cloud-native environments apart? According to the Cloud Native Computing Foundation, cloud-native applications consist of containers, service meshes, microservices, immutable infrastructure, and declarative APIs. While these components exist outside the cloud, in the cloud, they are further decomposed into services offered by providers. For example, a microservices architecture may involve virtual machines, containers, or even serverless hosting. The complexity of cloud environments requires a different approach to assessment, keeping legal considerations in mind while applying new techniques to what were once legacy attacks.
SANS SEC588 covers these topics extensively, focusing on modern cloud-specific concerns such as microservices, in-memory data stores, cloud file systems, serverless functions, Kubernetes meshes, and containers. It also includes detailed instruction on Azure and AWS penetration testing—essential since these two providers dominate the cloud market. The course aims not just to introduce you to these technologies, but to teach you how to assess and report on the real risks organizations face if their cloud services remain insecure.
Download eBook CompTIA DataSys+ Study Guide: Exam DS0-001
Course Syllabus
SEC588.1: Discovery, Recon, and Architecture at Scale
SEC588.2: Mapping, Authentication, and Cloud Services
SEC588.3: Azure and Windows Services in the Cloud
SEC588.4: Vulnerabilities in Cloud Native Applications
SEC588.5: Exploitation and Red Team in the Cloud
SEC588.6: Capstone
Download video training
Size 2.9GB
Download Part1
Download Part2
Download Part3
Download Part4
Download Part5
Download Part6
Download Part7
- Design