WEBVTT

00:07.280 --> 00:13.220
When we look about the cloud environment, we need to understand that the cloud, much like any enterprise,

00:13.220 --> 00:18.410
has also got the same vulnerabilities and flaws and even misconfigurations associated with it as a normal

00:18.410 --> 00:19.040
network.

00:19.040 --> 00:24.680
And for all intents and purposes, it pretty much is a normal network, and we need to treat it as such within

00:24.680 --> 00:25.790
the different cloud environment.

00:25.820 --> 00:30.710
We need to understand that the cloud, much like an enterprise environment, contains the same flaws,

00:30.710 --> 00:35.360
the different misconfigurations and vulnerabilities that you might see in a normal, everyday enterprise

00:35.360 --> 00:36.110
environment.

00:36.140 --> 00:42.110
As such, we still need to do vulnerability scanning and assess whether or not there's different misconfigurations

00:42.110 --> 00:45.770
and the different flaws associated with that perceived environment.

00:45.800 --> 00:50.510
However, there are some differences within the cloud environment versus an enterprise environment that

00:50.510 --> 00:52.100
you may see on premise.

00:52.100 --> 00:57.350
With a cloud environment, we need to be careful about how we scan the different infrastructure in that

00:57.350 --> 01:02.300
we need to understand what our contract stipulates we're able to do in that cloud environment.

01:02.300 --> 01:06.980
Am I allowed to scan the environment either legally, ethically or contractually?

01:06.980 --> 01:11.850
And with that, we need to make sure that when we do scan the environment that we're following the policies

01:11.850 --> 01:15.810
and procedures outlined by the environment that we're utilizing.

01:15.810 --> 01:21.120
So before you start scanning and going through the different cloud environment to identify misconfigurations

01:21.120 --> 01:25.320
and flaws, we need to make sure we are allowed to do it within the cloud environment.

01:25.320 --> 01:27.060
We have several different tools to utilize.

01:27.060 --> 01:29.550
The first tool I want to talk about is called Scout Suite.

01:29.580 --> 01:35.730
Now, Scout Suite is an open source auditing tool designed and tailored for cloud security assessments.

01:35.730 --> 01:42.630
Within the Cloud Security tool, we can scan different platforms like AWS, Azure, or even GCP.

01:42.630 --> 01:50.040
It leverages a platform API that automatically scans for cloud assets and identifies potential misconfigurations

01:50.040 --> 01:54.420
security risks, and facilitates an efficient security management infrastructure.

01:54.450 --> 02:01.560
It utilizes custom scans to focus on specific areas and receive detailed, customizable reports highlighting

02:01.560 --> 02:06.750
those vulnerabilities for compliance violations, security flaws, or misconfigurations.

02:06.750 --> 02:10.050
Much like Scout Suite, a different program is called Prowler.

02:10.080 --> 02:17.020
Now, Prowler provides us a framework designed to assess the cloud infrastructure for security,

02:17.050 --> 02:19.600
particularly within an AWS environment.

02:19.600 --> 02:26.140
It aligns two key aspects practices and offers a configurable option for programmatic access via

02:26.170 --> 02:28.090
the Amazon API and scans.

02:28.090 --> 02:36.130
Just like Scout Suite in AWS, it looks for configuration flaws, security risks, vulnerabilities

02:36.250 --> 02:39.070
in the different flaws associated with the cloud environment.

02:39.070 --> 02:41.020
Then we have something called PACU.

02:41.050 --> 02:48.490
Now, PACU was developed by Rhino Security Labs and introduced as an open source AWS exploitation framework

02:48.490 --> 02:50.140
in 2018.

02:50.140 --> 02:56.770
It features a modular architecture and emphasizes a penetration testing platform that checks for compliance

02:56.770 --> 03:02.410
issues, security flaws, and vulnerabilities, much like we see in Scout Suite, and it provides a

03:02.410 --> 03:04.600
streamlined approach for documentation.

03:04.660 --> 03:10.540
PACU is designed really for somebody that's looking specifically for more of the compliance aspect

03:10.570 --> 03:13.840
of AWS, but it does do a little bit more than just that.

03:13.840 --> 03:20.680
It also provides us with a detailed report and documents our attack results within a penetration testing

03:20.680 --> 03:21.610
environment.
