Knowing your pentest and the unknowns of AWS pentesting
No rock should ever be left unturned – at least that is how the saying goes. The same thing can be said about pentesting AWS, or even pentesting in general. A pentest is only as good as those all involved with the pentest. This means that the target organization will need to ensure that they have allowed all information to be shared, and if the pentest team suspects that any additional information is needed, this should be given to the team. This is what we mean by knowing the unknown.
The best way to know what to look for in a pentest is by pentesting constantly and always being open to new ideas. While this sounds a little cliché, it does hold some merit. Experience plays a huge role in guiding a pentest to success, and the only way to get that experience is by ethically hacking as much as possible – in different environments, I might add. That's why throughout this book we have looked at a lot of...
