This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 2.1 of Cloud Threats and Attack Vectors
CSA Top 10 cloud threats, the SSRF-to-IMDS credential theft chain, and IMDSv1 vs IMDSv2.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
CSA Top Threats to Cloud Computing: Pandemic 11
The latest CSA top threats report with detailed analysis of each cloud threat category.
CSA Top Threats to Cloud Computing: Pandemic 11
The latest CSA top threats report with detailed analysis of each cloud threat category.
AWS EC2 IMDS v2 Announcement and Configuration Guide
Official AWS documentation for configuring and enforcing IMDSv2 on EC2 instances.
AWS EC2 IMDS v2 Announcement and Configuration Guide
Official AWS documentation for configuring and enforcing IMDSv2 on EC2 instances.
OWASP Server-Side Request Forgery Prevention Cheat Sheet
Comprehensive OWASP guidance on preventing SSRF vulnerabilities in web applications.
OWASP Server-Side Request Forgery Prevention Cheat Sheet
Comprehensive OWASP guidance on preventing SSRF vulnerabilities in web applications.
Capital One Data Breach — AWS Case Study
US DOJ case details on the Capital One breach demonstrating the SSRF-to-IMDS attack chain.
Capital One Data Breach — AWS Case Study
US DOJ case details on the Capital One breach demonstrating the SSRF-to-IMDS attack chain.
Quadrant 4 · Self-Assessment
Cloud Threats, Attacks and Privacy
CSA Top 10, SSRF/IMDS, IMDSv2, EDoS, man-in-the-cloud, STRIDE, MITRE ATT&CK for Cloud, and data residency.
Cloud Security: Complete Assessment
Comprehensive 120-question assessment covering all six chapters of the Cloud Security eBook 2026.