Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments

A comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies large and small.

You'll learn how to:
- Find security issues related to multi-factor authentication and management certificates
- Make sense of Azure's services by using PowerShell commands to find IP addresses, administrative users, and firewall rules
- Discover security configuration errors that could lead to exploits against Azure storage and keys
- Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files
- Penetrate networks by enumerating firewall rules
- Investigate specialized services like Azure Key Vault and Azure Websites
- Know when you might be caught by viewing logs and security events

Packed with real-world examples from the author's experience as a corporate penetration tester, sample scripts from pen-tests and "Defenders Tips" that explain how companies can reduce risk, Pentesting Azure Applications provides a clear overview of how to effectively perform security tests so that you can provide the most accurate assessments possible.

216 pages, Paperback

Published July 1, 2018

27 people are currently reading
157 people want to read

About the author

Matt Burrough

2 books · 7 followers

Ratings & Reviews


Community Reviews

5 stars: 21 (48%)
4 stars: 9 (20%)
3 stars: 11 (25%)
2 stars: 2 (4%)
1 star: 0 (0%)
Displaying 1 - 3 of 3 reviews
7 reviews
June 24, 2024
It is an interesting book. The biggest issue is that it is quite old and a lot of the content has become outdated in the meantime. A second edition would definitely be appreciated. The book refers to both models of resource management, including the ASM mode, which is now referred to as “classic” and will retire completely later in 2024. PowerShell tools have evolved a lot, and most commands referred to in the book are no longer functional without modifications. Similarly, Azure CLI has evolved a lot. Several links in the book are completely dead now. And finally, the Azure portal has evolved a lot, so the screenshots are mostly no longer valid.

The book describes techniques to hack an Azure subscription and gain access to resources in it. Like many other security books, many observations are obvious and you have most probably heard about some of them several times already. Still, the book contains several very interesting techniques which were new to me, like extracting even encrypted credentials from Electron apps (Azure Storage Explorer in the case of this book).

The book is easy to read and is well written. Reading is fast and seamless; there are very few cross-references between chapters. The author uses pretty simple English. The book is easy to read for non-native English speakers.

I recommend reading the book. It is not that long, and even though it is a little outdated, the concepts remain mostly the same, and most probably, even nowadays, everybody can take something from it for making Azure resources more secure.
Andreas Happe
Author · 1 book · 3 followers
December 22, 2021
A high-level Azure overview, maybe slightly dated. Big focus on reconnaissance (great), not so much on direct exploitation. You could use the book to get a first introduction to Azure or to adapt your existing pen-testing knowledge to that platform.

Examples are azure-cli / powershell-heavy, that's also great.

Nice and entertaining read.
jamin
13 reviews
August 18, 2022
Great overview and introduction to Azure. I found the best practice sections to be useful and enjoyed the various examples and command references.