Pentesting methodology for AWS
This section deviates from the traditional pentesting methodology used for non-cloud environments. We don't follow the conventional pentesting methods primarily because of our target's scope: in this case, the target is an AWS environment. Additionally, we will be performing functional testing with valid credentials provided by the client that is being pentested.
Important note
Functional testing is a means and method of scanning and checking for vulnerabilities and misconfigured services that have been implemented by users.
This whole chapter will discuss the dos and don'ts of pentesting, along with details that need to be understood before and after performing a pentest. However, before we get into any of that, we need to understand the steps involved in delivering a pentest against AWS.
Let's break down the four different steps in performing a pentest on an AWS target:
- Reconnaissance ...