[SECURITY] Openstack Security Assessments

jackdaw blues jackdawblues at gmail.com
Thu Oct 6 08:23:07 UTC 2022


Hi all,

I am currently leading a team of offensive security engineers and we are
trying to create a checklist for each component of Openstack in the context
of Security Assessment.

At the end of the day what we want to end up with is common exploitable
configuration weaknesses for each component. It will be against
configuration or installation mistakes that result in unintended privileges
or information disclosure, etc. Patch management isn't in scope.

Not the exact output, but these links can give a good idea of the contents
of the security assessment we are planning (these are for AWS):
http://flaws.cloud/
http://flaws2.cloud/

Has anyone had any experience regarding the topic above? If so please feel
free to connect. Regardless of the experience, if you want to contribute
and at mark zero just like we are, you are still welcome and we can help
each other create this assessment checklist.

Cheers,
Asil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20221006/6fdd910c/attachment.htm>


More information about the openstack-discuss mailing list