AWSGoat: Easy to deploy vulnerable AWS infrastructure for pentesters

https://player.vimeo.com/video/735343239?h=e2c2fc46fa&badge=0&autopause=0&player_id=0&app_id=58479&dnt=1

Compromising an organization’s cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire infrastructure. Since the cloud is relatively new, many developers are not fully aware of the threatscape and they end up deploying a vulnerable cloud infrastructure.

In this Help Net Security video, Jeswin Mathai, Chief Architect, Lab Platform at INE, showcases AWSGoat, a vulnerable by design infrastructure featuring OWASP Top 10 web application security risks and other misconfiguration based on services such as IAM, S3, API Gateway, Lambda, EC2, and ECS. AWSGoat is available for free download on GitHub.

If you’re at Black Hat USA 2022, you can learn more about AWSGoat. The creators will be at the Arsenal, doing demos and answering questions on Wednesday, August 10, starting at 4PM.

Source: https://www.helpnetsecurity.com/2022/08/10/awsgoat-vulnerable-aws-infrastructure-video/