1 Abstract
The Certified Cloud Penetration Test Professional (CCPTP) certification and training program is released by the International Cloud Security Alliance China Region. It is the world's first certification course for cloud penetration testing capabilities. The program aims to provide the professional practical skills required for cloud penetration testing, bridge the gap in understanding of cloud penetration testing, and cultivate skilled professionals. It also issues certificates to help build a talent pool for the cloud computing industry.
The certification course covers topics such as the cloud penetration testing system, the testing process, practical techniques, legal regulations, ethical standards for penetration testers, penetration testing methodology, and practical skills. By passing the CCPTP exam, security professionals working in cloud computing and penetration testing gain a comprehensive understanding and broad knowledge of the cloud penetration testing system architecture, legal regulations, testing techniques, and practical skills. This helps cloud security professionals gain in-depth knowledge of cloud penetration testing work and, with client authorization, carry out penetration tests and lawful assessments of a target system's security status, helping to solve cloud security issues.
Official website: https://c-csa.cn/training/course-detail/i-1840.html
(Image from a group member)
The prerequisite for obtaining the certificate is to pass both the theoretical and practical exams. The passing rate needs to reach 75%, and currently, the number of certified individuals should be relatively small.
2 Course Content
Almost everything that can be covered is covered, with more emphasis on theoretical knowledge and the practical focus starting from the fourth module.
3 Experience
Theory:
For the theoretical exam, the material in the PowerPoint slides and videos is enough to pass, as the questions are all multiple choice. They will ask about the definition of cloud computing and the shared responsibility model, among other things. In short, pay attention during the training and make sure you have a good grasp of the theory.
Practical:
For the practical part, I referred to the following resources:
https://cloudsec.huoxian.cn/docs/articles
Huoxian provides a target environment for practice, so you can practice more there and also refer to the cloud service providers' technical documentation for services such as COS and CVM. If possible, it is also recommended to practice in the HTB cloud lab environments, which are more comprehensive than the above resources and include Amazon and Google Cloud. Pay attention to how server metadata can be abused and to abuse paths involving COS, practice more, and there should be no major issues.
4 Certification Evaluation
The course is well-designed and closely aligned with practical applications, with sufficient coverage of knowledge. I think anyone interested in learning about cloud attack and defense can give it a try, especially since more and more companies are choosing to migrate to the cloud, and traditional horizontal methods are becoming less effective. The purpose of certification is to maintain continuous learning.