Scale to Zero - No Security Questions Left Unanswered Getting Started with Cloud Pentesting | Ft. Scott Weston | Ep.78 | Scale To Zero Podcast | Cloudanix
Join us as we delve into the world of cloud pen-testing with our guest Scott Weston, a seasoned cybersecurity expert. In this insightful podcast, we discuss the development of GCPwn, a powerful tool for identifying vulnerabilities in Google Cloud Platform (GCP) environments. Learn about the tool's capabilities, limitations, and future roadmap. We also explore the broader landscape of cloud security, including the shared responsibility model, common misconfigurations, and the importance of continuous learning. Whether you're a seasoned security professional or just starting your journey, this podcast offers valuable insights and practical advice. Shared Responsibility Model: https://www.cloudanix.com/learn/what-is-shared-responsibility-model
00:00 Teaser and Introduction
04:35 Introducing self-developed tool GCPwn
07:30 Is GCPwn an active or passive pen testing tool?
08:47 Envisioning GCPwn for users
10:15 Areas GCPwn does not suit well
12:16 Future Roadmap of GCPwn
13:41 AWS Pwn landscape after year 2016
15:51 Describing Shared Responsibility Model
19:20 Security considerations of cloud platforms as a cloud pentester
22:25 Are pentesting certifications enough?
28:07 Common cloud misconfiguration to look for
35:26 Tools to get started with pen-testing
38:38 Cloud platforms to focus on as a beginner
41:30 Where to get started as a cloud pentester
44:00 Learning resources
53:29 Summary
54:30 Reading and other recommended resources