LibGuides: CYB653 V1: Week 3 Resources

Week 3 Required Resources

AWS Penetration Testing: Beginner's guide to hacking AWS with tools such as Kali Linux, Metasploit, and Nmap
Helmus, J. (2021). AWS penetration testing beginner’s guide to hacking AWS with tools such as Kali Linux, Metasploit, and Nmap. Packt Publishing.
This book guides you through security assessments of key AWS resources, covering tests like application exploitation and permission flaws. Additionally, it provides insights on establishing private-cloud access and navigating restricted areas while offering tips for maintaining a secure cloud environment professionally.

Required Chapter Readings:
Chapter 8: Assessing AWS API Gateway
Chapter 9: Real-Life Pentesting with Metasploit
Chapter 10: Pentesting Best Practices
AWS Academy | Cloud Security Builder Course
AWS Academy | Training and Certification | AWS. (n.d.). Amazon Web Services, Inc. https://www.awsacademy.com/
In this lab project, you are challenged to use AWS services to secure various resources in the AWS Cloud. The lab project is divided into four phases, which are independent of each other. The architecture must reflect the principles of the AWS Well-Architected Framework and the principle of least privilege. Specific sections of the assignment are meant to challenge you on skills that you have acquired throughout the learning process.

A review of penetration testing and vulnerability assessment in cloud environment
Yurtseven, I., & Bagriyanik, S. (2020, October). A review of penetration testing and vulnerability assessment in cloud environment. In 2020 Turkish National Software Engineering Symposium (UYMS) (pp. 1-6). IEEE.
The main goal of this paper is to answer the question of how we can measure vulnerabilities in cloud computing and what the main penetration testing practices are in cloud environments.
Cloud Security Frameworks: A Comparison to Evaluate Cloud Control Standards
Hegde, T., Gangl, J., Babenko, S., & Coffman, J. (2023, December). Cloud Security Frameworks: A Comparison to Evaluate Cloud Control Standards. In Proceedings of the IEEE/ACM 16th International Conference on Utility and Cloud Computing (pp. 1-6).
This research evaluates cloud provider security standards set forth by ISO/IEC 27001 and 27002, FedRAMP, and SOC 2 against a third-party benchmark, the Cloud Controls Matrix (CCM) created by the Cloud Security Alliance (CSA), as well as the CSA's "Treacherous Twelve" of the top threats to cloud computing security.