Episode 17: How to do penetration testing in cloud application

Episode 17 August 02, 2020 00:37:03
SilverLining IL

Hosted By

Moshe Ferber, Ariel Munafo

Show Notes

Attendees

Guest: Oz Avenstein

Guest Title:  Founder

Company:  Avensec

Abstract

Penetration tests are one of the strongest controls we use. They test the overall resilience of our applications and allow us to be more confident in our workloads. But in the cloud era, penetration testing of cloud applications needs to be coordinated with the cloud providers. In this episode we talk with Oz Avenstein, an application security expert, about the challenges of cloud penetration testing and how to do it correctly.

Timing:

0:50 Introducing our guest

3:40 How are cloud penetration tests different from regular pen tests?

5:01 IaaS/PaaS provider-specific pen test policies

8:45 Pen testing SaaS applications

11:05 Relying on third-party pen testing

12:02 Cloud pen test considerations and phases

17:35 The actual pen testing

21:20 The reporting phase

23:40 Incorporating pen testing into the application development cycle

34:00 Summary and last words


Episode Transcript

No transcript available...
