1 摘要#
Certified Cloud Penetration Test Professional (CCPTP) certification and training program is released by the International Cloud Security Alliance China Region. It is the world's first certification course for cloud penetration testing capabilities. The program aims to provide professional practical skills required for cloud penetration testing, bridge the gap in understanding of cloud penetration testing, and cultivate skilled professionals in the field. It enhances the capabilities of professionals and provides certification to ensure the development of a talent pool for the cloud computing industry.
The certification course covers topics such as cloud penetration testing system, testing process, practical techniques, legal regulations, ethical standards for penetration testers, penetration testing methodology, and practical skills. By passing the CCPTP exam, security professionals engaged in cloud computing and penetration testing gain comprehensive knowledge and understanding of the cloud penetration testing system architecture, legal regulations, testing techniques, and practical skills. This helps them to gain in-depth knowledge of cloud penetration testing work and conduct penetration testing and legitimate evaluation of target system security with client authorization, providing assistance in resolving cloud security issues.
Official website: https://c-csa.cn/training/course-detail/i-1840.html
(Group member's image)
The prerequisite for obtaining the certification is to pass both the theoretical and practical exams. The passing rate should be at least 75%, and currently, the number of certified individuals is likely to be small.
2 课程内容#
Almost everything that can be covered is covered, with a larger portion dedicated to theoretical knowledge. The practical focus starts from the fourth module.
3 通过经验#
Theoretical:
In the theoretical exam, the knowledge in the PowerPoint slides and videos ensures your success. It consists of multiple-choice questions. You will be asked about the definition of cloud computing and the shared responsibility model, among other topics. Attend the training classes attentively to ensure success in the theoretical exam.
Practical:
For the practical part, I referred to the following resources:
https://cloudsec.huoxian.cn/docs/articles
Huoxian provides a practice environment where you can practice and also refer to the technical documentation of cloud service providers such as COS and CVM. If possible, I recommend practicing in the HTB cloud environment, which is more comprehensive and includes Amazon and Google Cloud. Focus on utilizing server metadata and some techniques between COS, and practice more. There shouldn't be any major issues.
4 认证评价#
The course design is highly practical and covers a wide range of knowledge. If you are interested in learning about cloud attack and defense, you can definitely give it a try. With more and more companies choosing cloud environments, traditional horizontal methods are becoming less effective. The purpose of certification is to maintain continuous learning.