Cloud AuthoriZation Trainer: A simulator of cloud-provider responsible REST APIs
CAZT (Cloud AuthoriZation Trainer)
CAZT (Cloud AuthoriZation Trainer) is a simulator of the REST APIs that a cloud provider is responsible for. It includes a lab manual for getting hands-on practice with how to attack authorization vulnerabilities in a cloud API.
It differs from other vulnerable cloud practice environments because it focuses on the cloud provider's side of the shared responsibility model instead of the customer's. This lets pen testers gain experience with testing the cloud vendor itself, as well as an understanding of what a vulnerable cloud service looks like.
Features
- Interface for using cloud-provider command-line interfaces to practice
- A lab manual with OWASP authorization vulnerability scenarios
- Six API endpoints for vulnerability discovery
Requirements
- The simulator and pen test tools can be run from a single local machine
- Fundamental knowledge of HTTP proxy MitM tools (e.g. Burp)
- Basic experience with using a command line
- Basic experience with using a cloud-provider’s command-line interface tool
Platforms
Development and testing were done under Ubuntu Linux, but other platforms with at least Python 3.8 should be compatible as well.
Install