Pentesting Azure applications : the definitive guide to testing and securing deployments

Book Cover
Average Rating
Published
San Francisco : No Starch Press, [2018].
Status
Available Online

Description

Loading Description...

More Details

Format
Language
English
ISBN
9781593278649, 1593278640

Notes

General Note
Includes index.
Description
A comprehensive guide to penetration testing cloud services deployed with Microsoft Azure, the popular cloud computing service provider used by companies like Warner Brothers and Apple. Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies. You'll start by learning how to approach a cloud-focused penetration test and how to obtain the proper permissions to execute it; then, you'll learn to perform reconnaissance on an Azure subscription, gain access to Azure Storage accounts, and dig into Azure's Infrastructure as a Service (IaaS). You'll also learn how to: - Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files - Use PowerShell commands to find IP addresses, administrative users, and resource details - Find security issues related to multi-factor authentication and management certificates - Penetrate networks by enumerating firewall rules - Investigate specialized services like Azure Key Vault, Azure Web Apps, and Azure Automation - View logs and security events to find out when you've been caught Packed with sample pentesting scripts, practical advice for completing security assessments, and tips that explain how companies can configure Azure to foil common attacks, Pentesting Azure Applications is a clear overview of how to effectively perform cloud-focused security tests and provide accurate findings and recommendations.
Local note
O'Reilly,O'Reilly Online Learning: Academic/Public Library Edition

Also in this Series

Checking series information...

More Like This

Loading more titles like this title...

Reviews from GoodReads

Loading GoodReads Reviews.

Citations

APA Citation, 7th Edition (style guide)

Burrough, M. (2018). Pentesting Azure applications: the definitive guide to testing and securing deployments . No Starch Press.

Chicago / Turabian - Author Date Citation, 17th Edition (style guide)

Burrough, Matt. 2018. Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments. San Francisco: No Starch Press.

Chicago / Turabian - Humanities (Notes and Bibliography) Citation, 17th Edition (style guide)

Burrough, Matt. Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments San Francisco: No Starch Press, 2018.

Harvard Citation (style guide)

Burrough, M. (2018). Pentesting azure applications: the definitive guide to testing and securing deployments. San Francisco: No Starch Press.

MLA Citation, 9th Edition (style guide)

Burrough, Matt. Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments No Starch Press, 2018.

Note! Citations contain only title, author, edition, publisher, and year published. Citations should be used as a guideline and should be double checked for accuracy. Citation formats are based on standards as of August 2021.

Staff View

Grouped Work ID
f0586c2a-8b20-5120-3f38-a4462c64ac5d-eng
Go To Grouped Work View in Staff Client

Grouping Information

Grouped Work IDf0586c2a-8b20-5120-3f38-a4462c64ac5d-eng
Full titlepentesting azure applications the definitive guide to testing and securing deployments
Authorburrough matt
Grouping Categorybook
Last Update2024-10-08 10:55:34AM
Last Indexed2024-12-03 03:35:35AM

Book Cover Information

Image SourcecontentCafe
First LoadedMay 9, 2024
Last UsedSep 11, 2024

Marc Record

First DetectedMar 21, 2023 11:48:31 AM
Last File Modification TimeJul 05, 2024 07:32:55 AM
SuppressedRecord had no items

MARC Record

LEADER06574cam a2200553 i 4500
001on1052786247
003OCoLC
00520240705073243.0
006m     o  d        
007cr unu||||||||
008180918s2018    caua    o     001 0 eng d
019 |a 1048302777
020 |a 9781593278649
020 |a 1593278640
02802|a EB00706876|b Recorded Books
035 |a (OCoLC)1052786247|z (OCoLC)1048302777
037 |a CL0500000992|b Safari Books Online
040 |a UMI|b eng|e rda|e pn|c UMI|d RECBK|d OCLCF|d STF|d EBLCP|d TOH|d CEF|d G3B|d MERUC|d IDB|d UAB|d C6I|d OCLCQ|d OCL|d OCLCQ|d OCLCO|d OCLCQ
049 |a MAIN
050 4|a QA76.585
08204|a 305.8
084 |a COM053000|a COM060040|2 bisacsh
1001 |a Burrough, Matt,|e author.|9 459945
24510|a Pentesting Azure applications :|b the definitive guide to testing and securing deployments /|c by Matt Burrough.
264 1|a San Francisco :|b No Starch Press,|c [2018]
264 4|c ©2018
300 |a 1 online resource (1 volume) :|b illustrations
336 |a text|b txt|2 rdacontent
337 |a computer|b c|2 rdamedia
338 |a online resource|b cr|2 rdacarrier
500 |a Includes index.
5050 |a Intro; Brief Contents; Contents in Detail; Foreword; Acknowledgments; Introduction; About Penetration Testing; What This Book Is About; How This Book Is Organized; What You'll Need to Run the Tools; Chapter 1: Preparation; A Hybrid Approach; Teams Don't Always Have Cloud Experience; Clouds Are Reasonably Secure by Default; It's All Connected; Getting Permission; Scope the Assessment; Notify Microsoft; Obtain a "Get Out of Jail Free" Card; Be Aware of and Respect Local Laws; Summary; Chapter 2: Access Methods; Azure Deployment Models; Azure Service Management; Azure Resource Manager
5058 |a Obtaining CredentialsMimikatz; Using Mimikatz; Capturing Credentials; Factors Affecting Success; Best Practices: Usernames and Passwords; Usernames and Passwords; Searching Unencrypted Documents; Phishing; Looking for Saved ARM Profile Tokens; Guessing Passwords; Best Practices: Management Certificates; Finding Management Certificates; Publish Settings Files; Reused Certificates; Configuration Files; Cloud Service Packages; Best Practices: Protecting Privileged Accounts; Encountering Two-Factor Authentication; Using Certificate Authentication; Using a Service Principal or a Service Account
5058 |a Accessing CookiesProxying Traffic Through the User's Browser; Utilizing Smartcards; Stealing a Phone or Phone Number; Prompting the User for 2FA; Summary; Chapter 3: Reconnaissance; Installing PowerShell and the Azure PowerShell Module; On Windows; On Linux or macOS; Running Your Tools; Service Models; Best Practices: PowerShell Security; Authenticating with the PowerShell Module and CLI; Authenticating with Management Certificates; Installing the Certificate; Authenticating; Connecting and Validating Access; Best Practices: Service Principals; Authenticating with Service Principals
5058 |a Using Service Principals with PasswordsAuthenticating with X.509 Certificates; Best Practices: Subscription Security; Gathering Subscription Information; Viewing Resource Groups; Viewing a Subscription's App Services (Web Apps); Gathering Information on Virtual Machines; Finding Storage Accounts and Storage Account Keys; Gathering Information on Networking; Network Interfaces; Obtaining Firewall Rules or Network Security Groups; Viewing Azure SQL Databases and Servers; Consolidated PowerShell Scripts; ASM Script; ARM Script; Summary; Chapter 4: Examining Storage
5058 |a Best Practices: Storage SecurityAccessing Storage Accounts; Storage Account Keys; User Credentials; SAS Tokens; Where to Find Storage Credentials; Finding Keys in Source Code; Obtaining Keys from a Developer's Storage Utilities; Accessing Storage Types; Identifying the Storage Mechanisms in Use; Accessing Blobs; Accessing Tables; Accessing Queues; Accessing Files; Summary; Chapter 5: Targeting Virtual Machines; Best Practices: VM Security; Virtual Hard Disk Theft and Analysis; Downloading a VHD Snapshot; Retrieving a VHD's Secrets; Exploring the VHD with Autopsy; Importing the VHD
520 |a A comprehensive guide to penetration testing cloud services deployed with Microsoft Azure, the popular cloud computing service provider used by companies like Warner Brothers and Apple. Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies. You'll start by learning how to approach a cloud-focused penetration test and how to obtain the proper permissions to execute it; then, you'll learn to perform reconnaissance on an Azure subscription, gain access to Azure Storage accounts, and dig into Azure's Infrastructure as a Service (IaaS). You'll also learn how to: - Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files - Use PowerShell commands to find IP addresses, administrative users, and resource details - Find security issues related to multi-factor authentication and management certificates - Penetrate networks by enumerating firewall rules - Investigate specialized services like Azure Key Vault, Azure Web Apps, and Azure Automation - View logs and security events to find out when you've been caught Packed with sample pentesting scripts, practical advice for completing security assessments, and tips that explain how companies can configure Azure to foil common attacks, Pentesting Azure Applications is a clear overview of how to effectively perform cloud-focused security tests and provide accurate findings and recommendations.
5880 |a Print version record.
590 |a O'Reilly|b O'Reilly Online Learning: Academic/Public Library Edition
63000|a Windows Azure|x Security measures.
63007|a Windows Azure.|2 fast|0 (OCoLC)fst01796039
650 0|a Cloud computing|x Security measures.
650 0|a Penetration testing (Computer security)|9 403748
77608|i Print version:|a Burrough, Matt.|t Pentesting Azure applications.|d San Francisco : No Starch Press, 2018|z 9781593278632|w (DLC) 2017051237|w (OCoLC)1019835048
85640|u https://library.access.arlingtonva.us/login?url=https://learning.oreilly.com/library/view/~/9781492069416/?ar|x O'Reilly|z eBook
938 |a ProQuest Ebook Central|b EBLB|n EBL6050893
938 |a Recorded Books, LLC|b RECE|n rbeEB00706876
994 |a 92|b VIA
999 |c 286977|d 286977