Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments, 1st Edition, by Matt Burrough
Product details:
ISBN 10: 1593278632
ISBN 13: 9781593278632
Author: Matt Burrough
A comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies large and small.
You’ll learn how to:
- Find security issues related to multi-factor authentication and management certificates
- Make sense of Azure’s services by using PowerShell commands to find IP addresses, administrative users, and firewall rules
- Discover security configuration errors that could lead to exploits against Azure storage and keys
- Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files
- Penetrate networks by enumerating firewall rules
- Investigate specialized services like Azure Key Vault and Azure Websites
- Know when you might be caught by viewing logs and security events
Packed with real-world examples from the author’s experience as a corporate penetration tester, sample scripts from pen-tests and “Defenders Tips” that explain how companies can reduce risk, Pentesting Azure Applications provides a clear overview of how to effectively perform security tests so that you can provide the most accurate assessments possible.
Table of contents:
- PREPARATION
1.1 A Hybrid Approach
1.2 Getting Permission
1.3 Summary
- ACCESS METHODS
2.1 Azure Deployment Models
2.2 Obtaining Credentials
2.3 Mimikatz
2.4 Best Practices: Usernames and Passwords
2.5 Usernames and Passwords
2.6 Best Practices: Management Certificates
2.7 Finding Management Certificates
2.8 Best Practices: Protecting Privileged Accounts
2.9 Encountering Two-Factor Authentication
2.10 Summary
- RECONNAISSANCE
3.1 Installing PowerShell and the Azure PowerShell Module
3.2 Service Models
3.3 Best Practices: PowerShell Security
3.4 Authenticating with the PowerShell Module and CLI
3.5 Authenticating with Management Certificates
3.6 Best Practices: Service Principals
3.7 Authenticating with Service Principals
3.8 Best Practices: Subscription Security
3.9 Gathering Subscription Information
3.10 Gathering Information on Networking
3.11 Consolidated PowerShell Scripts
3.12 Summary
- EXAMINING STORAGE
4.1 Best Practices: Storage Security
4.2 Accessing Storage Accounts
4.3 Where to Find Storage Credentials
4.4 Accessing Storage Types
4.5 Summary
- TARGETING VIRTUAL MACHINES
5.1 Best Practices: VM Security
5.2 Virtual Hard Disk Theft and Analysis
5.3 Exploring the VHD with Autopsy
5.4 Cracking Password Hashes
5.5 Password Hash Attack Tools
5.6 Using a VHD’s Secrets Against a VM
5.7 Resetting a Virtual Machine’s Credentials
5.8 Summary
- INVESTIGATING NETWORKS
6.1 Best Practices: Network Security
6.2 Avoiding Firewalls
6.3 Cloud-to-Corporate Network Bridging
6.4 Summary
- OTHER AZURE SERVICES
7.1 Best Practices: Key Vault
7.2 Examining Azure Key Vault
7.3 Targeting Web Apps
7.4 Best Practices: Automation
7.5 Leveraging Azure Automation
7.6 Summary
- MONITORING, LOGS, AND ALERTS
8.1 Azure Security Center
8.2 Operations Management Suite
8.3 Secure DevOps Kit
8.4 Custom Log Handling
8.5 Summary