Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies. You’ll start by learning how to approach a cloud-focused penetration test and how to obtain the proper permissions to execute it; then, you’ll learn to perform reconnaissance on an Azure subscription, gain access to Azure Storage accounts, and dig into Azure’s Infrastructure as a Service (IaaS).
You’ll also learn how to:
- Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files
- Use PowerShell commands to find IP addresses, administrative users, and resource details
- Find security issues related to multi-factor authentication and management certificates
- Penetrate networks by enumerating firewall rules
- Investigate specialized services like Azure Key Vault, Azure Web Apps, and Azure Automation
- View logs and security events to find out when you've been caught
Packed with sample pentesting scripts, practical advice for completing security assessments, and tips that explain how companies can configure Azure to foil common attacks, Pentesting Azure Applications is a clear overview of how to effectively perform cloud-focused security tests and provide accurate findings and recommendations.
It is an interesting book. The biggest issue is that it is quite old and a lot of the content has become outdated in the meantime. A second edition would definitely be appreciated. The book refers to both models of resource management, including the ASM model, which is now referred to as "classic" and will retire completely later in 2024. PowerShell tools have evolved a lot, and most commands referred to in the book are no longer functional without modifications. Similarly, the Azure CLI has evolved a lot. Several links in the book are completely dead now. And finally, the Azure portal has evolved a lot, so the screenshots are mostly no longer valid.
The book describes techniques to hack an Azure subscription and gain access to the resources in it. Like many other security books, many of the observations are obvious and you have most probably heard some of them several times already. Still, the book contains several very interesting techniques which were new to me, like extracting even encrypted credentials from Electron apps (Azure Storage Explorer in the case of this book).
The book is easy to read and well written. Reading is fast and seamless; there are very few cross references between chapters. The author uses pretty simple English, so the book is easy to read for non-native English speakers.
I recommend reading the book. It is not that long, and even if it is a little outdated, the concepts remain mostly the same, and most probably even nowadays everybody can take something from it for making Azure resources more secure.
A high-level Azure overview, maybe slightly dated. Big focus on reconnaissance (great), not so much on direct exploitation. You could use the book to get a first introduction to Azure or to adapt your existing pen-testing knowledge to that platform.
Examples are azure-cli / PowerShell heavy; that's also great.