Book description
"Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies. You’ll start by learning how to approach a cloud-focused penetration test and how to obtain the proper permissions to execute it; then, you’ll learn to perform reconnaissance on an Azure subscription, gain access to Azure Storage accounts, and dig into Azure’s Infrastructure as a Service (IaaS).
You’ll also learn how to:
• Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files• Use PowerShell commands to find IP addresses, administrative users, and resource details• Find security issues related to multi-factor authentication and management certificates• Penetrate networks by enumerating firewall rules• Investigate specialized services like Azure Key Vault, Azure Web Apps, and Azure Automation• View logs and security events to find out when you’ve been caught
Packed with sample pentesting scripts, practical advice for completing security assessments, and tips that explain how companies can configure Azure to foil common attacks, Pentesting Azure Applications is a clear overview of how to effectively perform cloud-focused security tests and provide accurate findings and recommendations."
Table of contents
- Cover Page
- Title Page
- Copyright Page
- About the Author
- About the Technical Reviewer
- Dedication
- BRIEF CONTENTS
- CONTENTS IN DETAIL
- FOREWORD by Thomas W. Shinder, MD
- ACKNOWLEDGMENTS
- INTRODUCTION
- 1 PREPARATION
- 2 ACCESS METHODS
-
3 RECONNAISSANCE
- Installing PowerShell and the Azure PowerShell Module
- Service Models
- Best Practices: PowerShell Security
- Authenticating with the PowerShell Module and CLI
- Authenticating with Management Certificates
- Best Practices: Service Principals
- Authenticating with Service Principals
- Best Practices: Subscription Security
- Gathering Subscription Information
- Gathering Information on Networking
- Consolidated PowerShell Scripts
- Summary
- 4 EXAMINING STORAGE
- 5 TARGETING VIRTUAL MACHINES
- 6 INVESTIGATING NETWORKS
- 7 OTHER AZURE SERVICES
- 8 MONITORING, LOGS, AND ALERTS
- GLOSSARY
- INDEX
Product information
- Title: Pentesting Azure Applications
- Author(s):
- Release date: July 2018
- Publisher(s): No Starch Press
- ISBN: 9781593278632
You might also like
book
Implementing Azure DevOps Solutions
A comprehensive guide to becoming a skilled Azure DevOps engineer Key Features Explore a step-by-step approach …
book
Securing DevOps
Securing DevOps explores how the techniques of DevOps and security should be applied together to make …
book
Penetration Testing Azure for Ethical Hackers
Simulate real-world attacks using tactics, techniques, and procedures that adversaries use during cloud breaches Key Features …
book
Microsoft Azure Networking: The Definitive Guide
For cloud environments to operate and scale as they should, their networking components must be designed …