Cloud Pentesting | PenTest Regular 01/2014

1. Dear PenTest Readers,

We are happy to present to you the long awaited Cloud Pentesting issue. Welcome to the first PenTest Regular in 2014!
As mentioned before, the focal point of this issue will be penetration testing in the cloud. Many aspects of this topic have been discussed in this publication, so we are sure you will find it interesting.
Cloud computing is probably the most frequent topic on various InfoSec events. Since the concept is fairly new, it still provokes many questions and disputes. One of the most influential personas in the cloud world is Ian Moyse. He kindly agreed to prepare an article about the risks which the cloud can provide for its users. Moreover, Ralph S. LaBarge has given us the permission to publish an article based on his college paper about detecting cloud vulnerabilities. Also, Bruno Rodrigues was kind enough to describe his experience with moving his pentesting tools to the cloud and conducting the test from there.
It is just a glimpse on what you will find in this issue. Refer to the table of contents for more information and enjoy the cloudy PenTest magazine!

TABLE OF CONTENTS

Introduction to Cloud
by Muhammad Saleem

Pentest Amazon Cloud Instances Like a Pro
by Anthony Siravo

Cloud Services Penetration Testing
by Chad Olivier

The Risk Profile of IaaS Cloud Proliferation
by Dwight Koop

Vulnerabilities Detection in the Cloud
by Ralph S. LaBarge

Cloudy Data Protection and Sovereignty
by Ian Moyse

Moving the Pentest Tools to the Cloud
by Bruno Rodrigues

The Basics of Physical Penetration Testing
by Daniel Chew

Testing Physical Access Control: RFID
by Adam Kliarsky

BrowserExploitServer Mixin: The New Browser Exploitation Module in Metasploit’s Arsenal
by Hardik Suri