Pentesting Azure Applications

Pentesting Azure Applications

The Definitive Guide to Testing and Securing Deployments
by Matt Burrough
July 2018, 216 pp.

Featured in Tripwire VERT.

Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies. You’ll start by learning how to approach a cloud-focused penetration test and how to obtain the proper permissions to execute it; then, you’ll learn to perform reconnaissance on an Azure subscription, gain access to Azure Storage accounts, and dig into Azure’s Infrastructure as a Service (IaaS).

You’ll also learn how to:

  • Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files
  • Use PowerShell commands to find IP addresses, administrative users, and resource details
  • Find security issues related to multi-factor authentication and management certificates
  • Penetrate networks by enumerating firewall rules
  • Investigate specialized services like Azure Key Vault, Azure Web Apps, and Azure Automation
  • View logs and security events to find out when you’ve been caught

Packed with sample pentesting scripts, practical advice for completing security assessments, and tips that explain how companies can configure Azure to foil common attacks, Pentesting Azure Applications is a clear overview of how to effectively perform cloud-focused security tests and provide accurate findings and recommendations.

Author Bio 

Matt Burrough is a senior penetration tester on a corporate red team, where he assesses the security of cloud computing services and inter­nal systems. He holds a bachelor’s degree in networking, security, and system administration from Rochester Institute of Technology and a master’s degree in computer science from the University of Illinois at Urbana-Champaign.

Table of contents 

Chapter 1: Preparation
Chapter 2: Access Methods
Chapter 3: Reconnaissance
Chapter 4: Examining Storage
Chapter 5: Targeting Virtual Machines
Chapter 6: Investigating Networks
Chapter 7: Other Azure Services
Chapter 8: Monitoring, Logs, and Alerts


"This is the perfect resource for Microsoft Azure users who need to secure their applications."
—Daniel Hein, Solutions Review

“Informative . . . While this book is meant to be used for pentesting Azure, it is also a great resource in securing and locking down your subscription.”
—Ronald McClellan, Security Orb

“A great guide on the titular topic.”
—Ary Widdes, Security Researcher, Tripwire

Extra Stuff 

You can access the book's scripts here.