Azure Penetration Testing is About Protecting Your Resources

Azure Penetration Testing

Azure Penetration Testing is a cloud penetration scenario on the Microsoft cloud, Azure. Seculyze is specialized in Microsoft Azure. It follows the same process as Infrastructure Penetration Testing and has the same goal of exposing misconfigurations and vulnerabilities within the environment to be one step ahead of any attackers, however the contents differs slightly as focus is on resources

Generic Process with an Azure Twist

At Seculyze, we use the generic Penetration Testing Process as depicted in the overall pentesting offering. Two main phases are further split into sub-phases to describe the special nature of Azure Penetration Testing. The phases are identical to the Infrastructure Penetration Testing process, but the contents of the phases vary.

  • Phase 2: Discover is divided into the subphases 2a: Scan and 2b: Path
  • Phase 3: Attack is divided into the subphases 3a: Exploit and 3b: Access
Azure Penetration Testing

Azure

Process

Four generic phases based on generic process based on NIST 800-115 of which two are divided into sub-phases in the Azure Penetration Testing process

What is the Difference?

…and why is Azure Pentration testing harder than Infrastructure Penetration testing?

A cloud penetration test – in this case Azure Penetration Testing – focuses on resources and the setup of cloud services like Office365, Azure AD and different cloud resources used by the client such as storage accounts or databases. While the procedure is the same, the tools differ and so does the knowledge to conduct the penetration test.

In the attack phase, gaining access, escalating privileges, system browsing, and installation of additional tools can be easier or more difficult depending on your setup in the Cloud. Therefore, the output can also be recommendations to the security architecture as described in one of our other services, depending on the scope of the penetration test performed.

Want to know more about Azure Penetration Testing?

Contact

Kristian Jacobsen

CTO

+45 61792740

kristian@seculyze.com

Other Consultancy Services

Looking For Something Else?

Azure Design & Review >

SIEM Design & Review >