View
14.216
Download
0
Category
Preview:
Citation preview
2016/05/17
@tigerszk
Amazon Web Services
Shun Suzaki( )
Twitter:@tigerszk
ISOG-J WG1 Burp Suite Japan User Group OWASP JAPAN Promotion Team IT#ssmjp
IM A CERTAIN PENTESTER!
http://www.slideshare.net/zaki4649/
NW
l
scanning!
Internet
OS
Web Web
Web
l
ll
AWS
Q.AWS
A.!
AWS
(AWS) https://aws.amazon.com/jp/compliance/shared-responsibility-model/
ECOS
AWS
ACL Web
AWS
AWS http://media.amazonwebservices.com/jp/wp/AWS_Security_Best_Practices.pdf
AWS
llOK
http://www.slideshare.net/zaki4649/free-securitycheck
AWS
- AWS h'ps://aws.amazon.com/jp/security/penetra;on-tes;ng/
AWS
EC2RDS
RDS:RDSRDSEC2:m1.smallt1.micro
EC2 RDS
- AWS h'ps://aws.amazon.com/jp/security/penetra;on-tes;ng/
AWS /https://portal.aws.amazon.com/gp/aws/html-forms-controller/contactus/AWSSecurityPenTestRequest
Contact Information
Your Name:* Company Name* Email Address AWSAdditional Email Address CC
Third Party Contact Information
Scan Information IP Addresses to be scanned (Destination)* IPELB
Are the instances the source of the scan or the target of the scan?*
EC2
Instances IDs* EC2ID
Scanning IP addresses (Source)* IP
Total Bandwidth (Please provide expected Gbps)*
What region are these instances in?* EC2
Timezone*
Start Date and Time (YYYY-MM-DD HH:MM)*
End Date and Time (YYYY-MM-DD HH:MM)*
Additional Comments
Terms and Conditions AWSs Policy Regarding the Use of Security Assessment Tools and Services
root 3 2
Amazon EC2 Developers.IO : http://dev.classmethod.jp/cloud/aws/penetration-testing/
AWS(Penetration Test) | cloudpack : https://blog.cloudpack.jp/2015/01/22/about-aws-penetration-test/
ll(
llAWSl
AWS
Elastic Load Balancing
ELB
ll
lELBlSSL
lIPlIPlIP
lNWIP
l
lIP (((())))
l()
ELBIP60IP
lozuma AWSELB(Elastic Load Balancing) http://srad.jp/~ozuma/journal/591374/
lIP
lIP
l
l
Recommended