Network Pentest 2.0 : The Cloud Pentest Revolution
Cloud Security Podcast22 Elo 2023

Network Pentest 2.0 : The Cloud Pentest Revolution

Cloud Security Pentest is not just a Cloud configuration review ! Blackhat 2023 & Defcon 31 conversations included Cloud Security Podcast asking traditional and experienced pentesters about their opinion on cloud security pentesting and the divide was between it being a config review or a product pentest. For this episode we have Seth Art from Bishop Fox to clarify the myth.


Episode YouTube: ⁠ ⁠Video Link⁠⁠⁠⁠


Host Twitter: Ashish Rajan (⁠⁠⁠⁠⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠⁠⁠⁠⁠)

Guest Socials: Seth Art's Linkedin ⁠⁠⁠⁠⁠⁠(⁠⁠Seth Art Linkedin)

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠


Spotify TimeStamp for Interview Question


(00:00) Introduction

(05:17) A bit about Seth Art

(06:44) Network vs Infrastructure Security Pentest

(08:00) Internal vs External Network Security Pentest

(10:26) Assumed vs Objective Based Pentest

(12:51) Is network pentest dead?

(14:04) How to approach network and cloud pentests?

(20:12) Cloud pentest is more than config review

(24:04) Examples of cloud pentest findings

(30:07) Scaling pentests in cloud

(32:25) Traditional skillsets to cloud pentest

(36:58) A bit about cloudfoxable

(39:31) Cloud pentest and Zero Trust

(40:54) Staying ahead of CSP releases

(44:31) Third party shared responsibility

(47:35) 1 fun question

(48:36) Boundary for cloud pentest

(52:21) Last 2 fun questions


These are some of the resources that Seth shared during the episode along with the tools he has created

See you at the next episode!

Jaksot(344)

A DEV FRIENDLY CLOUD NATIVE SECURITY PIPELINE!

A DEV FRIENDLY CLOUD NATIVE SECURITY PIPELINE!

Cloud Security Podcast -  we are continuing with our "Kubernetes Security & KubeCon EU 2023" and for the fiveth episode in this series Eve Ben Ezra from The New York Times. GitOps, OPA Conftest, ArgoC...

11 Touko 202331min

THEY SCANNED ENTIRE GITHUB FOR SECRETS AND FOUND THIS!

THEY SCANNED ENTIRE GITHUB FOR SECRETS AND FOUND THIS!

Cloud Security Podcast -  we are continuing with our "Kubernetes Security & KubeCon EU 2023" and for the fourth episode in this series Mackenzie Jackson from GitGuardian. Mackenzie Jackson from GitGua...

9 Touko 202332min

Kubernetes Cluster Security Audit Explained

Kubernetes Cluster Security Audit Explained

Cloud Security Podcast -  we are continuing with our "Kubernetes Security & KubeCon EU 2023" and for the fourth episode in this series Shane Lawrence and Daniele Santos from Shopify explained how kube...

3 Touko 202341min

Network Security for Kubernetes

Network Security for Kubernetes

Cloud Security Podcast -  This month we are talking about "Kubernetes Security & KubeCon EU 2023" and for the third episode in this series, we spoke to Liz Rice ( Liz's Linkedin⁠). Liz Rice from Isova...

16 Huhti 202340min

CONTINUOUS KUBERNETES SECURITY IN 2023

CONTINUOUS KUBERNETES SECURITY IN 2023

Cloud Security Podcast -  This month we are talking about "Kubernetes Security & KubeCon EU 2023" and for the second episode in this series, we spoke to Andrew Martin (Andrew's Linkedin). Kubernetes S...

14 Huhti 202358min

2023 What Kubernetes Security Looks Like Today Series- DevSecOps

2023 What Kubernetes Security Looks Like Today Series- DevSecOps

Cloud Security Podcast -  This month we are talking about "Kubernetes Security & KubeCon EU 2023" and for the first episode in this series, we spoke to Kirsten Newcomer (Kirsten's Linkedin). Kirsten ...

13 Huhti 202347min

IS THERE DEVSECOPS IN CLOUD? 🤔

IS THERE DEVSECOPS IN CLOUD? 🤔

Cloud Security Podcast -  This month we are talking about "Cloud Security - the Leadership View" and for the final episode in this series, we spoke to Guy Podjarny ( GuyPo's Linkedin). If you are work...

27 Maalis 202350min

How to Build a Modern Cyber Security Program in 2023

How to Build a Modern Cyber Security Program in 2023

Cloud Security Podcast - This month we are talking about "Cloud Security - the Leadership View" and this week in this series, we spoke to Larry Whiteside Jr ( Larry's Linkedin ) If you are working on...

11 Maalis 202359min