Getting Started with Cloud Pentesting | Ft. Scott Weston | Ep.78 | Scale To Zero Podcast | Cloudanix

Join us as we delve into the world of cloud pen-testing with our guest Scott Weston, a seasoned cybersecurity expert. In this insightful podcast, we discuss the development of GCPwn, a powerful tool for identifying vulnerabilities in Google Cloud Platform (GCP) environments. Learn about the tool's capabilities, limitations, and future roadmap. We also explore the broader landscape of cloud security, including the shared responsibility model, common misconfigurations, and the importance of continuous learning. Whether you're a seasoned security professional or just starting your journey, this podcast offers valuable insights and practical advice. Transcript: https://www.scaletozero.com/episodes/getting-started-with-cloud-pentesting-with-scott-weston/ Spotify: https://podcasters.spotify.com/pod/show/scaletozero/episodes/Getting-Started-with-Cloud-Pentesting--Ft--Scott-Weston--Ep-78--Scale-To-Zero-Podcast--Cloudanix-e2qkcgc Shared Responsibility Model: https://www.cloudanix.com/learn/what-is-shared-responsibility-model 00:00 Teaser and Introduction 04:35 Introducing self-developed tool GCPwn 07:30 Is GCPwn an active or passive pen testing tool? 08:47 Envisioning GCPwn for users 10:15 Areas GCPwn does not suit well 12:16 Future Roadmap of GCPwn 13:41 AWS Pwn landscape after year 2016 15:51 Describing Shared Responsibility Model 19:20 Security considerations of cloud platforms as a cloud pentester 22:25 Are pentesting certifications enough? 28:07 Common cloud misconfiguration to look for 35:26 Tools to get started with pentesting 38:38 Cloud platforms to focus on as a beginner 41:30 Where to get started as a cloud pentester 44:00 Learning resources 53:29 Summary 54:30 Reading and other recommended resources