Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Amazon AWS - Pen-Testing

Options
  • 06-02-2012 3:42pm
    #1
    Kenz
    Registered Users Posts: 66 ✭✭


    Hey peoples...

    Right, I'm going to need to perform some security tests against a system we're developing on Amazon AWS over the next couple of months. Anyone have any particular experience, and therefore words of wisdom/advice, on testing against AWS? Anything in particular that's different about testing against AWS, when compared to other hosted WebApps or software apps?

    I've read through the AWS tech pdfs and know i need to fill in and submit forms, etc to get permissions beforehand.

    PS - I know this is Dev related, so might not completely fit in here, but all the Security talk seems to be in here - Anyway, what do Devs care about Security (sure it works doesn't it) ;O)

    Later...
    Tagged:


Comments

  • Options
    #2
    fcerullo
    Registered Users Posts: 52 ✭✭fcerullo


    hey Kenz,

    that's actually a very good question and completely depends on the scope of the exercise... I would suggest you to drop an email to AWS Security.

    From an official response:

    "If any Amazon EC2 customer wishes to conduct port/vulnerability scanning or penetration testing, please email us at aws-security@amazon.com and we'll work with you to ensure your testing is conducted promptly and appropriately."

    BTW.. why don't you join OWASP Ireland on Linkedin?

    http://www.linkedin.com/groups/OWASP-Ireland-3228848

    Plenty of like-minded professionals willing to help.

    Fabio

    @fcerullo


  • Options
    #3
    Kenz
    Registered Users Posts: 66 ✭✭Kenz


    fcerullo wrote: »

    BTW.. why don't you join OWASP Ireland on Linkedin?

    http://www.linkedin.com/groups/OWASP-Ireland-3228848

    Plenty of like-minded professionals willing to help.

    Fabio

    @fcerullo

    Cheers Fabio - I'll go take a look at QWASP IE Linedin site, and see what i can find out. I was on the OWASP IE site lastweek, but didn't notice anything;O)

    Later,
    Ken


Advertisement