SEC588: Cloud Penetration Testing

Programme Code D175
Applications Development
Learning Partner(s)
SANS Institute
6 Days
Format In-person
Web Application Penetration Test Application Security Testing Cloud Security
Job Roles
ICT&SS Professional Software Engineer Security Testing Engineer Red Team Engineer Quality Engineer DevOps Engineer Data Security Officer Cybersecurity Engineer


Equip yourself with the latest in cloud-focused penetration testing techniques to assess cloud environments. The programme dives into topics of classic cloud Virtual Machines, buckets, and other new issues that appear in cloud-like microservices, in-memory data stores, files in the cloud, serverless functions, Kubernetes meshes, and containers.

You will also learn specific tactics for penetration testing in Azure and Amazon Web Services (AWS), particularly important given that AWS and Microsoft account for more than half the market. It's one thing to assess and secure a data centre, but it takes a specialised skillset to truly assess and report on the risk that an organisation faces if its cloud services are left insecure.

Key Takeaways

At the end of this programme, you will be able to:
  • Draw from many skill sets required to properly assess a cloud environment
  • Apply penetration tester skills into cloud environments
  • Identify how attackers are abusing cloud infrastructure to gain a foothold in your environments as a cloud-security-focused defender or architect

Who Should Attend

  • Please refer to the job roles section.
  • Both attack-focused and defense-focused security practitioners will benefit greatly from SEC588 by gaining a deep understanding of vulnerabilities, insecure configurations, and the associated business risks to their organisations. This programme benefits Penetration Testers, Vulnerability Analysts, Risk Assessment officers, DevOps Engineers, Site Reliability Engineers, and those working in many other areas.


This programme has many labs, so you must come prepared with the following base level of knowledge:
  • Familiarity with Linux bash - Not expert level, but a base understanding.
  • Basic familiarity with Azure and AWS CLI tools - Watching a simple introductory video will suffice.
  • Base understanding of networking and TCP/IP.
  • Rudimentary understanding of the Metasploit CLI console.
  • Understanding how pivots work.

Programme Structure

This programme will cover the following topics:
  • Architecture, Discovery, and Recon at Scales
  • Attacking Identity Systems
  • Attacking and Abusing Cloud Services
  • Vulnerabilities in Cloud-Native Applications
  • Infrastructure Attacks and Red Teaming
  • Capstone Event


Full Fee

Full programme fee 


9% GST on nett programme fee


Total nett programme fee payable, including GSTS$12810.77

With effect from 1 Jan 2024

Full Fee

Exam fee (exl. GST)


Total exam fee payable, including 9% GSTS$1448.17

With effect from 1 Jan 2024



Additional terms and conditions apply for this programme. For more information, visit

Upcoming Classes

Class 1
13 May 2024 to 18 May 2024 (Full Time)
Duration: 6 days
When: May - 13, 14, 15, 16, 17, 18(Sat)
Time : Day 1: 8.30am to 5pm; Day 2-6: 9am to 5pm

How To Register


Step 1 Apply through your organisation's training request system

Step 2 Your organisation's training request system (or relevant HR staff) confirms your organisation's approval for you to take the programme.

Your organisation will send registration information to the academy.

Organisation HR L&D or equivalent staff can click here for details of the registration submission process.

Step 3 GovTech Digital Academy will inform you whether you have been successful in enrolment.