My Account Log in

1 option

Pentesting Azure applications : the definitive guide to testing and securing deployments / Matt Burrough.

O'Reilly Online Learning: Academic/Public Library Edition Available online

View online
Format:
Book
Author/Creator:
Burrough, Matt, author.
Language:
English
Subjects (All):
Windows Azure--Security measures.
Windows Azure.
Cloud computing--Security measures.
Cloud computing.
Penetration testing (Computer security).
Physical Description:
1 online resource (220 pages)
Edition:
1st edition
Place of Publication:
San Francisco : No Starch Press, 2018.
System Details:
text file
Summary:
"Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies. You’ll start by learning how to approach a cloud-focused penetration test and how to obtain the proper permissions to execute it; then, you’ll learn to perform reconnaissance on an Azure subscription, gain access to Azure Storage accounts, and dig into Azure’s Infrastructure as a Service (IaaS). You’ll also learn how to: • Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files• Use PowerShell commands to find IP addresses, administrative users, and resource details• Find security issues related to multi-factor authentication and management certificates• Penetrate networks by enumerating firewall rules• Investigate specialized services like Azure Key Vault, Azure Web Apps, and Azure Automation• View logs and security events to find out when you’ve been caught Packed with sample pentesting scripts, practical advice for completing security assessments, and tips that explain how companies can configure Azure to foil common attacks, Pentesting Azure Applications is a clear overview of how to effectively perform cloud-focused security tests and provide accurate findings and recommendations."
Contents:
Intro
Title Page
Copyright Page
About the Author
About the Technical Reviewer
Dedication
BRIEF CONTENTS
CONTENTS IN DETAIL
FOREWORD by Thomas W. Shinder, MD
ACKNOWLEDGMENTS
INTRODUCTION
About Penetration Testing
What This Book Is About
How This Book Is Organized
What You'll Need to Run the Tools
1 PREPARATION
A Hybrid Approach
Getting Permission
Summary
2 ACCESS METHODS
Azure Deployment Models
Obtaining Credentials
Mimikatz
Best Practices: Usernames and Passwords
Usernames and Passwords
Best Practices: Management Certificates
Finding Management Certificates
Best Practices: Protecting Privileged Accounts
Encountering Two-Factor Authentication
3 RECONNAISSANCE
Installing PowerShell and the Azure PowerShell Module
Service Models
Best Practices: PowerShell Security
Authenticating with the PowerShell Module and CLI
Authenticating with Management Certificates
Best Practices: Service Principals
Authenticating with Service Principals
Best Practices: Subscription Security
Gathering Subscription Information
Gathering Information on Networking
Consolidated PowerShell Scripts
4 EXAMINING STORAGE
Best Practices: Storage Security
Accessing Storage Accounts
Where to Find Storage Credentials
Accessing Storage Types
5 TARGETING VIRTUAL MACHINES
Best Practices: VM Security
Virtual Hard Disk Theft and Analysis
Exploring the VHD with Autopsy
Cracking Password Hashes
Password Hash Attack Tools
Using a VHD's Secrets Against a VM
Resetting a Virtual Machine's Credentials
6 INVESTIGATING NETWORKS
Best Practices: Network Security
Avoiding Firewalls
Cloud-to-Corporate Network Bridging
7 OTHER AZURE SERVICES
Best Practices: Key Vault.
Examining Azure Key Vault
Targeting Web Apps
Best Practices: Automation
Leveraging Azure Automation
8 MONITORING, LOGS, AND ALERTS
Azure Security Center
Operations Management Suite
Secure DevOps Kit
Custom Log Handling
GLOSSARY
INDEX.
Notes:
Description based on print version record.
Includes index.
Other Format:
Online version: Burrough, Matt, author. Pentesting Azure applications
ISBN:
9781492069416
1492069418
9781593278649
1593278640
9781593278632
1593278632
OCLC:
1052786247

The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.

Find

Home Release notes

My Account

Shelf Request an item Bookmarks Fines and fees Settings

Guides

Using the Find catalog Using Articles+ Using your account