Compromising an organization’s cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire infrastructure. Since the cloud is relatively new, many developers are not fully aware of the threatscape and they end up deploying a vulnerable cloud infrastructure.
In this Help Net Security video, Jeswin Mathai, Chief Architect, Lab Platform at INE, showcases AWSGoat, a vulnerable by design infrastructure featuring OWASP Top 10 web application security risks and other misconfiguration based on services such as IAM, S3, API Gateway, Lambda, EC2, and ECS. AWSGoat is available for free download on GitHub.