This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 3.4 of Cloud Security Controls and Frameworks
Cloud pentest methodology, the five common patterns, reconnaissance tools, and report structure.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
AWS Penetration Testing Policy
Official AWS penetration testing policy defining permitted activities and notification requirements.
AWS Penetration Testing Policy
Official AWS penetration testing policy defining permitted activities and notification requirements.
Pacu — AWS Exploitation Framework
Open-source AWS exploitation framework by Rhino Security Labs for authorised cloud pentesting.
Pacu — AWS Exploitation Framework
Open-source AWS exploitation framework by Rhino Security Labs for authorised cloud pentesting.
flaws.cloud — AWS Security Training Lab
Scott Piper free AWS security challenges covering common misconfiguration vulnerabilities.
flaws.cloud — AWS Security Training Lab
Scott Piper free AWS security challenges covering common misconfiguration vulnerabilities.
AWS IAM Privilege Escalation Techniques
Rhino Security Labs comprehensive list of IAM privilege escalation paths with mitigations.
AWS IAM Privilege Escalation Techniques
Rhino Security Labs comprehensive list of IAM privilege escalation paths with mitigations.
Quadrant 4 · Self-Assessment
Controls, Standards and Testing
CSA CCM v4, NIST CSF 2.0, ENISA, CSPM, CWPP, CASB, CIEM, CSMV, and cloud penetration testing tools.
Cloud Security: Complete Assessment
Comprehensive 120-question assessment covering all six chapters of the Cloud Security eBook 2026.