Pentesting Azure Applications:The Definitive Guide to Testing and Securing Deployments
Release Finelybook 出版日期：2018-07-23
A comprehensive guide to penetration testing cloud services deployed with Microsoft Azure, the popular cloud computing service provider used by companies like Warner Brothers and Apple.
A comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies large and small.
You’ll learn how to:
Find security issues related to multi-factor authentication and management certificates
Make sense of Azure’s services by using PowerShell commands to find IP addresses, administrative users, and firewall rules
Discover security configuration errors that could lead to exploits against Azure storage and keys
Uncover weaknesses in virtual machine settings that enable you to and acquire passwords, binaries, code, and settings files
Penetrate networks by enumerating firewall rules
Investigate specialized services like Azure Key Vault and Azure Websites
Know when you might be caught by viewing logs and security events
Packed with real-world examples from the author’s experience as a corporate penetration tester, sample scripts from pen-tests and “Defenders Tips” that explain how companies can reduce risk, Pentesting Azure provides a clear overview of how to effectively perform security tests so that you can provide the most accurate assessments possible.
CONTENTS IN DETAIL
FOREWORD by Thomas W. Shinder, MD
2 ACCESS METHODS
5TARGETING VIRTUAL MACHINES
7 OTHER AZURE SERVICES
8 MONITORING, LOGS, AND ALERTS