Date: March 24, 2023
Time: 7:00 PM IST, 8:30 AM EST, 2:30 PM CET.
Topic: Penetration Testing Challenges for Cloud-Based Applications (IaaS, PaaS, SaaS)
Abstract: With security being impacted by the inherent shared responsibility model for the cloud environment, cloud applications (largely in IaaS and PaaS models) are the responsibility of client businesses. Though not directly, a part of application security responsibilities are transferred to the client’s end through identity and access management, encouraging the need for understanding the precise impact of implementing a shared responsibility model. Therefore, advanced security efforts such as ethical hacking and penetration testing are both feasible and necessary for secured virtual operations. Penetration testing for assets in the cloud will help businesses improve risk visibility, identify vulnerabilities, manage risks, and gain insights into associated telemetries to enhance security.
This webinar aims to understand the modus operandi for ethical hacking of cloud applications and develops a framework or checklist for some common threats and vulnerabilities associated with cloud-based applications.
Key takeaways:
- the need for penetration testing for cloud assets and environment
- understanding shared responsibility and how penetration testing fits in this SLA
- penetration testing in approach in AWS, Azure, and GCP
- understanding the common cloud security threats and vulnerabilities
- cloud penetration testing challenges
- cloud penetration testing best practices
Speaker:
Sergey Chubarov, Security Expert
Bio: Sergey Chubarov is a Security and Cloud Expert, Instructor with 15+ years of experience in Microsoft technologies.
His day-to-day job is to help companies securely embrace cloud technologies. He has certifications and recognitions such as Microsoft MVP: Security, OSCP, OSEP, eCPPT, eCPTX, Microsoft Certified Trainer, MCT Regional Lead, EC Council’s C|EH, C|PENT, L|PT, C|CSE, C|EI, CREST C|PSA, C|RT and more.
Sergey often speaks at local and international conferences like Global Azure, DEF CON, Black Hat Europe, Wild West Hackin’ Fest, Security BSides, Workplace Ninja, Midwest Management Summit, Hack in the Box, etc.
*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)