Cloud assessments by :- Aakash Goel

2 likes•326 views

The document discusses cloud computing's impact on the software market and highlights the growing importance of security within cloud services. It emphasizes the shared responsibility model between customers and providers, the need for effective security configurations, and the role of automated tools in cloud assessments. Additionally, it includes links for job opportunities in related fields.

Internet

Cloud Assessments
Aakash Goel & Ankit Arora
Security Compass

Reality Check.
Cloud is real.
• Net worth of software market affected by cloud
computing - US$384 billion1 and growing.
• Bridging the cost-computing gap
• Automation
• Agility
• Disaster Recovery
• Centralised Control
• Visibility

Shared Responsibility Model
Customer -
Security ‘in’
the cloud
Provider -
Security ‘of’
the cloud

Cloud Pentest
Configurations Access Control
Sensitive data
at rest
Log Visibility

What to look at
Knowing what services you
have running
01
Knowing what resources
those services create, are
they making instances,
endpoints, other things.
What are the default
configurations of those
resources.
02
Making sure you are testing
the right thing. Testing the
authentication checks.
something like API Gateway
enforces is a fruitless
endeavour and you are less
testing your actual code
than you are cloud.
03

Automated
Tools
AWS Trusted Advisor
AWS Config
Scout2
Prowler
Security Monkey
Cloud Custodian
CloudSploit

AWS vs GCP
vs Azure
Security Views
Technical Jargons
Tooling

Flaws Challenge
http://flaws.cloud

We’re hiring
Associates -
https://grnh.se/f5j5jxo51
Consultants -
https://grnh.se/a0xc7kv41
Seniors -
https://grnh.se/ix4fx2is1

More Related Content

PDF

Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureCloudVillage

PPTX

AWS ReInvent 2020: SEC313 - A security operator’s guide to practical AWS Clou...Brian Andrzejewski

PPTX

Securing AWS environments by Ankit GiriOWASP Delhi

PPTX

How to implement DevSecOps on AWS for startupsAleksandr Maklakov

PPTX

Security Operations in the CloudArmor

KEY

AWS Security: A Practitioner's PerspectiveJason Chan

PPTX

CSS17: DC - The AWS Shared Responsibility Model in PracticeAlert Logic

PDF

AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersJames Strong

Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureCloudVillage

AWS ReInvent 2020: SEC313 - A security operator’s guide to practical AWS Clou...Brian Andrzejewski

Securing AWS environments by Ankit GiriOWASP Delhi

How to implement DevSecOps on AWS for startupsAleksandr Maklakov

Security Operations in the CloudArmor

AWS Security: A Practitioner's PerspectiveJason Chan

CSS17: DC - The AWS Shared Responsibility Model in PracticeAlert Logic

AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersJames Strong

Similar to Cloud assessments by :- Aakash Goel (20)

PDF

Using Splunk/ELK for auditing AWS/GCP/Azure security postureJose Hernandez

PDF

Cloud Security Assessment Guide: Ensuring Robust Protection for Your Cloud En...unicloudm

PPTX

Cloud computing and Cloud security fundamentalsViresh Suri

PDF

The 3 Recommendations for Cloud SecurityVAST

PDF

Practical Cloud Security A Guide For Secure Design And Deployment 1st Edition...jaromdembo

PDF

Cloudbusting insights #2 first steps of cloud securityDaniel Tovey

PDF

Cloud Computing SecurityArunvignesh Venkatesh

PPT

Cloud Computing Security Issues Discover Cloud Computing

PDF

AWS November meetup SlidesJacksonMorgan9

PDF

AWS User Group NovemberPolarSeven Pty Ltd

PDF

Security Considerations When Using Cloud Infrastructure Services.pdfCiente

PDF

Presentation on Cloud Security 101 - 2024Sanjeev Kumar Jaiswal

PPTX

Cloud Security Zen: Principles to Meditate OnSamuel Reed

PDF

Enterprise Cloud Governance: A Frictionless ApproachRightScale

PDF

AWS Architecture Fundamentals - DenverNicole Maus

PPTX

Cloud Achitecture and Security.pptxIssahakukuwereJalilu

PDF

How Secure Is CloudWilliam Lam

PDF

Reality Check: Security in the CloudAlert Logic

PDF

Peering Through the Cloud Forrester EMEA 2010graywilliams

PPTX

Isaca cloud security presentation duncan unwin 16 jul13Duncan Unwin

Using Splunk/ELK for auditing AWS/GCP/Azure security postureJose Hernandez

Cloud Security Assessment Guide: Ensuring Robust Protection for Your Cloud En...unicloudm

Cloud computing and Cloud security fundamentalsViresh Suri

The 3 Recommendations for Cloud SecurityVAST

Practical Cloud Security A Guide For Secure Design And Deployment 1st Edition...jaromdembo

Cloudbusting insights #2 first steps of cloud securityDaniel Tovey

Cloud Computing SecurityArunvignesh Venkatesh

Cloud Computing Security Issues Discover Cloud Computing

AWS November meetup SlidesJacksonMorgan9

AWS User Group NovemberPolarSeven Pty Ltd

Security Considerations When Using Cloud Infrastructure Services.pdfCiente

Presentation on Cloud Security 101 - 2024Sanjeev Kumar Jaiswal

Cloud Security Zen: Principles to Meditate OnSamuel Reed

Enterprise Cloud Governance: A Frictionless ApproachRightScale

AWS Architecture Fundamentals - DenverNicole Maus

Cloud Achitecture and Security.pptxIssahakukuwereJalilu

How Secure Is CloudWilliam Lam

Reality Check: Security in the CloudAlert Logic

Peering Through the Cloud Forrester EMEA 2010graywilliams

Isaca cloud security presentation duncan unwin 16 jul13Duncan Unwin

More from OWASP Delhi (20)

PDF

Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesOWASP Delhi

PDF

Securing dns records from subdomain takeoverOWASP Delhi

PDF

Effective Cyber Security Report WritingOWASP Delhi

PPTX

Data sniffing over Air GapOWASP Delhi

PPTX

UDP HunterOWASP Delhi

PDF

Demystifying Container EscapesOWASP Delhi

PPTX

Automating WAF using TerraformOWASP Delhi

PPTX

Actionable Threat IntelligenceOWASP Delhi

PDF

Threat hunting 101 by Sandeep SinghOWASP Delhi

PPTX

Owasp top 10 vulnerabilitiesOWASP Delhi

PPTX

Recon with Nmap OWASP Delhi

PDF

DMARC OverviewOWASP Delhi

PDF

Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi

ODP

Wireless security beyond password cracking by Mohit RanjanOWASP Delhi

PDF

IETF's Role and Mandate in Internet Governance by Mohit BatraOWASP Delhi

PDF

Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj MishraOWASP Delhi

PPTX

ICS Security 101 by Sandeep SinghOWASP Delhi

PDF

Thwarting The Surveillance in Online Communication by Adhokshaj MishraOWASP Delhi

ODP

Hostile Subdomain Takeover by Ankit PrateekOWASP Delhi

PDF

DFIR using Docker Containers by Deep Shankar YadavOWASP Delhi

Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesOWASP Delhi

Securing dns records from subdomain takeoverOWASP Delhi

Effective Cyber Security Report WritingOWASP Delhi

Data sniffing over Air GapOWASP Delhi

UDP HunterOWASP Delhi

Demystifying Container EscapesOWASP Delhi

Automating WAF using TerraformOWASP Delhi

Actionable Threat IntelligenceOWASP Delhi

Threat hunting 101 by Sandeep SinghOWASP Delhi

Owasp top 10 vulnerabilitiesOWASP Delhi

Recon with Nmap OWASP Delhi

DMARC OverviewOWASP Delhi

Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi

Wireless security beyond password cracking by Mohit RanjanOWASP Delhi

IETF's Role and Mandate in Internet Governance by Mohit BatraOWASP Delhi

Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj MishraOWASP Delhi

ICS Security 101 by Sandeep SinghOWASP Delhi

Thwarting The Surveillance in Online Communication by Adhokshaj MishraOWASP Delhi

Hostile Subdomain Takeover by Ankit PrateekOWASP Delhi

DFIR using Docker Containers by Deep Shankar YadavOWASP Delhi

Recently uploaded (20)

PPTX

ppt lighfrsefsefesfesfsefsefsefsefserrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrt.pptxatharvawafgaonkar

PPTX

AI ad its imp i military life read it agShwetaBharti31

PPTX

Different Generation Of Computers .pptxdivcoder9507

PPTX

Slides Powerpoint: Eco Economic Epochs.pptxSteven McGee

PPT

Transformaciones de las funciones elementales.pptrirosel211

PPTX

The Internet of Things (IoT) refers to a vast network of interconnected devic...chethana8182

PPTX

dns domain name system history work.pptxMUHAMMADKAVISHSHABAN

PPTX

Blue and Dark Blue Modern Technology Presentation.pptxap177979

PDF

KIPER4D situs Exclusive Game dari server Star Gaming Asiahokimamad0

PDF

KIPER4D situs Exclusive Game dari server Star Gaming Asiahokimamad0

PDF

LOGENVIDAD DANNYFGRETRRTTRRRTRRRRRRRRR.pdfjuan456ytpro

PPTX

The Internet of Things (IoT) refers to a vast network of interconnected devic...chethana8182

PPTX

LESSON-2-Roles-of-ICT-in-Teaching-for-learning_123922 (1).pptxrenavieramopiquero

PDF

BGP Security Best Practices that Matter, presented at PHNOG 2025APNIC

PDF

DNSSEC Made Easy, presented at PHNOG 2025APNIC

PPTX

Black Yellow Modern Minimalist Elegant Presentation.pptxnothisispatrickduhh

PPTX

B2B_Ecommerce_Internship_Simranpreet.pptxLipakshiJindal

PPTX

Unlocking Hope : How Crypto Recovery Services Can Reclaim Your Lost Fundslionsgate network

PDF

KIPER4D situs Exclusive Game dari server Star Gaming Asiahokimamad0

PPTX

Artificial-Intelligence-in-Daily-Life (2).pptxnidhigoswami335

ppt lighfrsefsefesfesfsefsefsefsefserrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrt.pptxatharvawafgaonkar

AI ad its imp i military life read it agShwetaBharti31

Different Generation Of Computers .pptxdivcoder9507

Slides Powerpoint: Eco Economic Epochs.pptxSteven McGee

Transformaciones de las funciones elementales.pptrirosel211

The Internet of Things (IoT) refers to a vast network of interconnected devic...chethana8182

dns domain name system history work.pptxMUHAMMADKAVISHSHABAN

Blue and Dark Blue Modern Technology Presentation.pptxap177979

KIPER4D situs Exclusive Game dari server Star Gaming Asiahokimamad0

LOGENVIDAD DANNYFGRETRRTTRRRTRRRRRRRRR.pdfjuan456ytpro

The Internet of Things (IoT) refers to a vast network of interconnected devic...chethana8182

LESSON-2-Roles-of-ICT-in-Teaching-for-learning_123922 (1).pptxrenavieramopiquero

BGP Security Best Practices that Matter, presented at PHNOG 2025APNIC

DNSSEC Made Easy, presented at PHNOG 2025APNIC

Black Yellow Modern Minimalist Elegant Presentation.pptxnothisispatrickduhh

B2B_Ecommerce_Internship_Simranpreet.pptxLipakshiJindal

Unlocking Hope : How Crypto Recovery Services Can Reclaim Your Lost Fundslionsgate network

KIPER4D situs Exclusive Game dari server Star Gaming Asiahokimamad0

Artificial-Intelligence-in-Daily-Life (2).pptxnidhigoswami335

Cloud assessments by :- Aakash Goel

1. Cloud Assessments Aakash Goel & Ankit Arora Security Compass

2. Reality Check. Cloud is real. • Net worth of software market affected by cloud computing - US$384 billion1 and growing. • Bridging the cost-computing gap • Automation • Agility • Disaster Recovery • Centralised Control • Visibility

3. Industry Leaders

4. Shared Responsibility Model Customer - Security ‘in’ the cloud Provider - Security ‘of’ the cloud

5. Cloud Pentest Configurations Access Control Sensitive data at rest Log Visibility

6. What to look at Knowing what services you have running 01 Knowing what resources those services create, are they making instances, endpoints, other things. What are the default configurations of those resources. 02 Making sure you are testing the right thing. Testing the authentication checks. something like API Gateway enforces is a fruitless endeavour and you are less testing your actual code than you are cloud. 03

7. Automated Tools AWS Trusted Advisor AWS Config Scout2 Prowler Security Monkey Cloud Custodian CloudSploit

8. AWS vs GCP vs Azure Security Views Technical Jargons Tooling

9. Flaws Challenge http://flaws.cloud

10. We’re hiring Associates - https://grnh.se/f5j5jxo51 Consultants - https://grnh.se/a0xc7kv41 Seniors - https://grnh.se/ix4fx2is1