Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

Amazon AWS - Pen-Testing

  • 06-02-2012 03:42PM
    #1
    Registered Users, Registered Users 2 Posts: 66 ✭✭


    Hey peoples...

    Right, I'm going to need to perform some security tests against a system we're developing on Amazon AWS over the next couple of months. Anyone have any particular experience, and therefore words of wisdom/advice, on testing against AWS? Anything in particular that's different about testing against AWS, when compared to other hosted WebApps or software apps?

    I've read through the AWS tech pdfs and know i need to fill in and submit forms, etc to get permissions beforehand.

    PS - I know this is Dev related, so might not completely fit in here, but all the Security talk seems to be in here - Anyway, what do Devs care about Security (sure it works doesn't it) ;O)

    Later...
    Tagged:


Comments

  • Registered Users, Registered Users 2 Posts: 52 ✭✭fcerullo


    hey Kenz,

    that's actually a very good question and completely depends on the scope of the exercise... I would suggest you to drop an email to AWS Security.

    From an official response:

    "If any Amazon EC2 customer wishes to conduct port/vulnerability scanning or penetration testing, please email us at aws-security@amazon.com and we'll work with you to ensure your testing is conducted promptly and appropriately."

    BTW.. why don't you join OWASP Ireland on Linkedin?

    http://www.linkedin.com/groups/OWASP-Ireland-3228848

    Plenty of like-minded professionals willing to help.

    Fabio

    @fcerullo


  • Registered Users, Registered Users 2 Posts: 66 ✭✭Kenz


    fcerullo wrote: »

    BTW.. why don't you join OWASP Ireland on Linkedin?

    http://www.linkedin.com/groups/OWASP-Ireland-3228848

    Plenty of like-minded professionals willing to help.

    Fabio

    @fcerullo

    Cheers Fabio - I'll go take a look at QWASP IE Linedin site, and see what i can find out. I was on the OWASP IE site lastweek, but didn't notice anything;O)

    Later,
    Ken


Advertisement