skip to content
Pentesting Azure applications : the definitive guide to testing and securing deployments Preview this item
ClosePreview this item
Checking...

Pentesting Azure applications : the definitive guide to testing and securing deployments

Author: Matt Burrough
Publisher: San Francisco : No Starch Press, [2018] ©2018
Edition/Format:   eBook : Document : EnglishView all editions and formats
Summary:
A comprehensive guide to penetration testing cloud services deployed with Microsoft Azure, the popular cloud computing service provider used by companies like Warner Brothers and Apple. Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies. You'll start by learning how to  Read more...
Rating:

(not yet rated) 0 with reviews - Be the first.

Subjects
More like this

Find a copy online

Links to this item

Find a copy in the library

&AllPage.SpinnerRetrieving; Finding libraries that hold this item...

Details

Genre/Form: Electronic books
Additional Physical Format: Print version:
Burrough, Matt.
Pentesting Azure applications.
San Francisco : No Starch Press, 2018
(DLC) 2017051237
(OCoLC)1019835048
Material Type: Document, Internet resource
Document Type: Internet Resource, Computer File
All Authors / Contributors: Matt Burrough
ISBN: 9781593278649 1593278640
OCLC Number: 1052786247
Notes: Includes index.
Description: 1 online resource (1 volume) : illustrations
Contents: Intro; Brief Contents; Contents in Detail; Foreword; Acknowledgments; Introduction; About Penetration Testing; What This Book Is About; How This Book Is Organized; What You'll Need to Run the Tools; Chapter 1: Preparation; A Hybrid Approach; Teams Don't Always Have Cloud Experience; Clouds Are Reasonably Secure by Default; It's All Connected; Getting Permission; Scope the Assessment; Notify Microsoft; Obtain a "Get Out of Jail Free" Card; Be Aware of and Respect Local Laws; Summary; Chapter 2: Access Methods; Azure Deployment Models; Azure Service Management; Azure Resource Manager Obtaining CredentialsMimikatz; Using Mimikatz; Capturing Credentials; Factors Affecting Success; Best Practices: Usernames and Passwords; Usernames and Passwords; Searching Unencrypted Documents; Phishing; Looking for Saved ARM Profile Tokens; Guessing Passwords; Best Practices: Management Certificates; Finding Management Certificates; Publish Settings Files; Reused Certificates; Configuration Files; Cloud Service Packages; Best Practices: Protecting Privileged Accounts; Encountering Two-Factor Authentication; Using Certificate Authentication; Using a Service Principal or a Service Account Accessing CookiesProxying Traffic Through the User's Browser; Utilizing Smartcards; Stealing a Phone or Phone Number; Prompting the User for 2FA; Summary; Chapter 3: Reconnaissance; Installing PowerShell and the Azure PowerShell Module; On Windows; On Linux or macOS; Running Your Tools; Service Models; Best Practices: PowerShell Security; Authenticating with the PowerShell Module and CLI; Authenticating with Management Certificates; Installing the Certificate; Authenticating; Connecting and Validating Access; Best Practices: Service Principals; Authenticating with Service Principals Using Service Principals with PasswordsAuthenticating with X.509 Certificates; Best Practices: Subscription Security; Gathering Subscription Information; Viewing Resource Groups; Viewing a Subscription's App Services (Web Apps); Gathering Information on Virtual Machines; Finding Storage Accounts and Storage Account Keys; Gathering Information on Networking; Network Interfaces; Obtaining Firewall Rules or Network Security Groups; Viewing Azure SQL Databases and Servers; Consolidated PowerShell Scripts; ASM Script; ARM Script; Summary; Chapter 4: Examining Storage Best Practices: Storage SecurityAccessing Storage Accounts; Storage Account Keys; User Credentials; SAS Tokens; Where to Find Storage Credentials; Finding Keys in Source Code; Obtaining Keys from a Developer's Storage Utilities; Accessing Storage Types; Identifying the Storage Mechanisms in Use; Accessing Blobs; Accessing Tables; Accessing Queues; Accessing Files; Summary; Chapter 5: Targeting Virtual Machines; Best Practices: VM Security; Virtual Hard Disk Theft and Analysis; Downloading a VHD Snapshot; Retrieving a VHD's Secrets; Exploring the VHD with Autopsy; Importing the VHD
Responsibility: by Matt Burrough.

Abstract:

A comprehensive guide to penetration testing cloud services deployed with Microsoft Azure, the popular cloud computing service provider used by companies like Warner Brothers and Apple. Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies. You'll start by learning how to approach a cloud-focused penetration test and how to obtain the proper permissions to execute it; then, you'll learn to perform reconnaissance on an Azure subscription, gain access to Azure Storage accounts, and dig into Azure's Infrastructure as a Service (IaaS). You'll also learn how to: - Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files - Use PowerShell commands to find IP addresses, administrative users, and resource details - Find security issues related to multi-factor authentication and management certificates - Penetrate networks by enumerating firewall rules - Investigate specialized services like Azure Key Vault, Azure Web Apps, and Azure Automation - View logs and security events to find out when you've been caught Packed with sample pentesting scripts, practical advice for completing security assessments, and tips that explain how companies can configure Azure to foil common attacks, Pentesting Azure Applications is a clear overview of how to effectively perform cloud-focused security tests and provide accurate findings and recommendations.

Reviews

User-contributed reviews
Retrieving GoodReads reviews...
Retrieving DOGObooks reviews...

Tags

Be the first.
Confirm this request

You may have already requested this item. Please select Ok if you would like to proceed with this request anyway.

Linked Data


Primary Entity

<http://www.worldcat.org/oclc/1052786247> # Pentesting Azure applications : the definitive guide to testing and securing deployments
    a schema:Book, schema:CreativeWork, schema:MediaObject ;
    library:oclcnum "1052786247" ;
    library:placeOfPublication <http://id.loc.gov/vocabulary/countries/cau> ;
    schema:about <http://experiment.worldcat.org/entity/work/data/4724773855#Topic/computers> ; # Computers
    schema:about <http://experiment.worldcat.org/entity/work/data/4724773855#Topic/penetration_testing_computer_security> ; # Penetration testing (Computer security)
    schema:about <http://experiment.worldcat.org/entity/work/data/4724773855#Topic/cloud_computing_security_measures> ; # Cloud computing--Security measures
    schema:about <http://experiment.worldcat.org/entity/work/data/4724773855#Topic/computers_security_online_safety_&_privacy> ; # COMPUTERS / Security / Online Safety & Privacy
    schema:about <http://experiment.worldcat.org/entity/work/data/4724773855#CreativeWork/windows_azure> ; # Windows Azure
    schema:author <http://experiment.worldcat.org/entity/work/data/4724773855#Person/burrough_matt> ; # Matt Burrough
    schema:bookFormat schema:EBook ;
    schema:datePublished "2018" ;
    schema:description "Intro; Brief Contents; Contents in Detail; Foreword; Acknowledgments; Introduction; About Penetration Testing; What This Book Is About; How This Book Is Organized; What You'll Need to Run the Tools; Chapter 1: Preparation; A Hybrid Approach; Teams Don't Always Have Cloud Experience; Clouds Are Reasonably Secure by Default; It's All Connected; Getting Permission; Scope the Assessment; Notify Microsoft; Obtain a "Get Out of Jail Free" Card; Be Aware of and Respect Local Laws; Summary; Chapter 2: Access Methods; Azure Deployment Models; Azure Service Management; Azure Resource Manager"@en ;
    schema:description "A comprehensive guide to penetration testing cloud services deployed with Microsoft Azure, the popular cloud computing service provider used by companies like Warner Brothers and Apple. Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies. You'll start by learning how to approach a cloud-focused penetration test and how to obtain the proper permissions to execute it; then, you'll learn to perform reconnaissance on an Azure subscription, gain access to Azure Storage accounts, and dig into Azure's Infrastructure as a Service (IaaS). You'll also learn how to: - Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files - Use PowerShell commands to find IP addresses, administrative users, and resource details - Find security issues related to multi-factor authentication and management certificates - Penetrate networks by enumerating firewall rules - Investigate specialized services like Azure Key Vault, Azure Web Apps, and Azure Automation - View logs and security events to find out when you've been caught Packed with sample pentesting scripts, practical advice for completing security assessments, and tips that explain how companies can configure Azure to foil common attacks, Pentesting Azure Applications is a clear overview of how to effectively perform cloud-focused security tests and provide accurate findings and recommendations."@en ;
    schema:exampleOfWork <http://worldcat.org/entity/work/id/4724773855> ;
    schema:genre "Electronic books"@en ;
    schema:inLanguage "en" ;
    schema:isSimilarTo <http://www.worldcat.org/oclc/1019835048> ;
    schema:name "Pentesting Azure applications : the definitive guide to testing and securing deployments"@en ;
    schema:productID "1052786247" ;
    schema:url <https://www.safaribooksonline.com/library/view/-/9781492069416/?ar> ;
    schema:url <https://login.gbcprx01.georgebrown.ca/login?url=http://proquest.safaribooksonline.com/?uiCode=geobrown&xmlId=9781492069416> ;
    schema:url <http://proxy.library.carleton.ca/login?url=http://proquest.safaribooksonline.com/?uiCode=carleton&xmlId=9781492069416> ;
    schema:url <http://rbdigital.rbdigital.com> ;
    schema:url <https://library.icc.edu/login?url=https://ebookcentral.proquest.com/lib/illcencol-ebooks/detail.action?docID=5541145> ;
    schema:url <http://proquest.safaribooksonline.com/?fpi=9781492069416> ;
    schema:url <http://proquest.safaribooksonline.com/?uiCode=stanford&xmlId=9781492069416> ;
    schema:url <http://ezproxy.torontopubliclibrary.ca/login?url=http://proquestcombo.safaribooksonline.com/?uiCode=torontopl&xmlId=9781492069416> ;
    schema:url <https://ebookcentral.proquest.com/lib/ucm/detail.action?docID=5541145> ;
    schema:url <http://public.eblib.com/choice/PublicFullRecord.aspx?p=5541145> ;
    schema:workExample <http://worldcat.org/isbn/9781593278649> ;
    wdrs:describedby <http://www.worldcat.org/title/-/oclc/1052786247> ;
    .


Related Entities

<http://experiment.worldcat.org/entity/work/data/4724773855#Person/burrough_matt> # Matt Burrough
    a schema:Person ;
    schema:familyName "Burrough" ;
    schema:givenName "Matt" ;
    schema:name "Matt Burrough" ;
    .

<http://experiment.worldcat.org/entity/work/data/4724773855#Topic/cloud_computing_security_measures> # Cloud computing--Security measures
    a schema:Intangible ;
    schema:name "Cloud computing--Security measures"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/4724773855#Topic/computers_security_online_safety_&_privacy> # COMPUTERS / Security / Online Safety & Privacy
    a schema:Intangible ;
    schema:name "COMPUTERS / Security / Online Safety & Privacy"@en ;
    .

<http://experiment.worldcat.org/entity/work/data/4724773855#Topic/penetration_testing_computer_security> # Penetration testing (Computer security)
    a schema:Intangible ;
    schema:name "Penetration testing (Computer security)"@en ;
    .

<http://proquest.safaribooksonline.com/?uiCode=stanford&xmlId=9781492069416>
    rdfs:comment "Available to Stanford-affiliated users." ;
    .

<http://worldcat.org/isbn/9781593278649>
    a schema:ProductModel ;
    schema:isbn "1593278640" ;
    schema:isbn "9781593278649" ;
    .

<http://www.worldcat.org/oclc/1019835048>
    a schema:CreativeWork ;
    rdfs:label "Pentesting Azure applications." ;
    schema:description "Print version:" ;
    schema:isSimilarTo <http://www.worldcat.org/oclc/1052786247> ; # Pentesting Azure applications : the definitive guide to testing and securing deployments
    .

<http://www.worldcat.org/title/-/oclc/1052786247>
    a genont:InformationResource, genont:ContentTypeGenericResource ;
    schema:about <http://www.worldcat.org/oclc/1052786247> ; # Pentesting Azure applications : the definitive guide to testing and securing deployments
    schema:dateModified "2019-06-26" ;
    void:inDataset <http://purl.oclc.org/dataset/WorldCat> ;
    .

<https://www.safaribooksonline.com/library/view/-/9781492069416/?ar>
    rdfs:comment "from Safari" ;
    rdfs:comment "(Unlimited Concurrent Users)" ;
    .


Content-negotiable representations

Close Window

Please sign in to WorldCat 

Don't have an account? You can easily create a free account.