SANS Penetration Testing: Category - cloud

SANS Penetration Testing:

Pen Testing in the Cloud

[Editor's Note: Penetration testers and ethical hackers are increasingly being called upon to evaluate the security of cloud-based applications, services, and infrastructures. Such work is fraught with political and technical complexity. Chris Brenton, one of the smartest guys I know in the cloud and distributed computing space, has written a great article that can help penetration testers sort out the issues. He provides specific tips on testing Iaas, PaaS, and SaaS cloud deployments. The nicest thing about this article is that Chris doesn't assume the reader is a cloud expert, but, instead, he walks you through various cloud issues and focuses on what professional penetration testers really need to know. This article originally appeared in Pen Test Magazine several months ago. Chris offered it to the SANS Pen Test blog to help our readers deal with cloud computing pen test issues. He's also got a brand-new blog focused on cloud issues, which you can find at