Penetration tests are one of the strongest controls that we use. It is testing the overall resilience of our application and allows us to be more confident in our workloads. But in the cloud era, cloud applications pen testing needs to be coordinated with the providers. In this episode, we talk with Oz Avenstein, an application security expert, about the challenges of cloud penetration testing and how to do it correctly.


Guest: Oz Avenstein, Founder at Avensec



0:50 introducing our guest

3:40 How is cloud penetration tests different from regular pen tests?

5:01 elaborating about IaaS/PaaS particular pen test policies 

8:45 pen testing SaaS applications 

11:05 relaying on 3rd party pen testing

12:02 cloud pen test considerations and phases

17:35 the actual pen testing 

21:20 the reporting phase

23:40 incorporating pen test into applications development cycle 

34:00 Summary and last words

Leave a Reply

Your email address will not be published. Required fields are marked *

One comment on “Episode 17: How to do penetration testing in cloud application

Trackbacks & Pingbacks


  1. Hi there just wanted to give you a quick heads up and let you know a few of the images aren’t loading properly.
    I’m not sure why but I think its a linking issue.
    I’ve tried it in two different browsers and both show
    the same outcome.

SilverLining © 2019