Pentesting Azure applications : the definitive guide to testing and securing deployments
Description
Loading Description...
More Details
Format
Language
English
ISBN
9781593278649, 1593278640
Notes
General Note
Includes index.
Description
A comprehensive guide to penetration testing cloud services deployed with Microsoft Azure, the popular cloud computing service provider used by companies like Warner Brothers and Apple. Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies. You'll start by learning how to approach a cloud-focused penetration test and how to obtain the proper permissions to execute it; then, you'll learn to perform reconnaissance on an Azure subscription, gain access to Azure Storage accounts, and dig into Azure's Infrastructure as a Service (IaaS). You'll also learn how to: - Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files - Use PowerShell commands to find IP addresses, administrative users, and resource details - Find security issues related to multi-factor authentication and management certificates - Penetrate networks by enumerating firewall rules - Investigate specialized services like Azure Key Vault, Azure Web Apps, and Azure Automation - View logs and security events to find out when you've been caught Packed with sample pentesting scripts, practical advice for completing security assessments, and tips that explain how companies can configure Azure to foil common attacks, Pentesting Azure Applications is a clear overview of how to effectively perform cloud-focused security tests and provide accurate findings and recommendations.
Local note
O'Reilly,O'Reilly Online Learning: Academic/Public Library Edition
Also in this Series
Checking series information...
Reviews from GoodReads
Loading GoodReads Reviews.
Citations
APA Citation, 7th Edition (style guide)
Burrough, M. (2018). Pentesting Azure applications: the definitive guide to testing and securing deployments . No Starch Press.
Chicago / Turabian - Author Date Citation, 17th Edition (style guide)Burrough, Matt. 2018. Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments. San Francisco: No Starch Press.
Chicago / Turabian - Humanities (Notes and Bibliography) Citation, 17th Edition (style guide)Burrough, Matt. Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments San Francisco: No Starch Press, 2018.
Harvard Citation (style guide)Burrough, M. (2018). Pentesting azure applications: the definitive guide to testing and securing deployments. San Francisco: No Starch Press.
MLA Citation, 9th Edition (style guide)Burrough, Matt. Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments No Starch Press, 2018.
Note! Citations contain only title, author, edition, publisher, and year published. Citations should be used as a guideline and should be double checked for accuracy. Citation formats are based on standards as of August 2021.
Staff View
Grouped Work ID
f0586c2a-8b20-5120-3f38-a4462c64ac5d-eng
Grouping Information
Grouped Work ID | f0586c2a-8b20-5120-3f38-a4462c64ac5d-eng |
---|---|
Full title | pentesting azure applications the definitive guide to testing and securing deployments |
Author | burrough matt |
Grouping Category | book |
Last Update | 2024-10-08 10:55:34AM |
Last Indexed | 2024-12-03 03:35:35AM |
Book Cover Information
Image Source | contentCafe |
---|---|
First Loaded | May 9, 2024 |
Last Used | Sep 11, 2024 |
Marc Record
First Detected | Mar 21, 2023 11:48:31 AM |
---|---|
Last File Modification Time | Jul 05, 2024 07:32:55 AM |
Suppressed | Record had no items |
MARC Record
LEADER | 06574cam a2200553 i 4500 | ||
---|---|---|---|
001 | on1052786247 | ||
003 | OCoLC | ||
005 | 20240705073243.0 | ||
006 | m o d | ||
007 | cr unu|||||||| | ||
008 | 180918s2018 caua o 001 0 eng d | ||
019 | |a 1048302777 | ||
020 | |a 9781593278649 | ||
020 | |a 1593278640 | ||
028 | 0 | 2 | |a EB00706876|b Recorded Books |
035 | |a (OCoLC)1052786247|z (OCoLC)1048302777 | ||
037 | |a CL0500000992|b Safari Books Online | ||
040 | |a UMI|b eng|e rda|e pn|c UMI|d RECBK|d OCLCF|d STF|d EBLCP|d TOH|d CEF|d G3B|d MERUC|d IDB|d UAB|d C6I|d OCLCQ|d OCL|d OCLCQ|d OCLCO|d OCLCQ | ||
049 | |a MAIN | ||
050 | 4 | |a QA76.585 | |
082 | 0 | 4 | |a 305.8 |
084 | |a COM053000|a COM060040|2 bisacsh | ||
100 | 1 | |a Burrough, Matt,|e author.|9 459945 | |
245 | 1 | 0 | |a Pentesting Azure applications :|b the definitive guide to testing and securing deployments /|c by Matt Burrough. |
264 | 1 | |a San Francisco :|b No Starch Press,|c [2018] | |
264 | 4 | |c ©2018 | |
300 | |a 1 online resource (1 volume) :|b illustrations | ||
336 | |a text|b txt|2 rdacontent | ||
337 | |a computer|b c|2 rdamedia | ||
338 | |a online resource|b cr|2 rdacarrier | ||
500 | |a Includes index. | ||
505 | 0 | |a Intro; Brief Contents; Contents in Detail; Foreword; Acknowledgments; Introduction; About Penetration Testing; What This Book Is About; How This Book Is Organized; What You'll Need to Run the Tools; Chapter 1: Preparation; A Hybrid Approach; Teams Don't Always Have Cloud Experience; Clouds Are Reasonably Secure by Default; It's All Connected; Getting Permission; Scope the Assessment; Notify Microsoft; Obtain a "Get Out of Jail Free" Card; Be Aware of and Respect Local Laws; Summary; Chapter 2: Access Methods; Azure Deployment Models; Azure Service Management; Azure Resource Manager | |
505 | 8 | |a Obtaining CredentialsMimikatz; Using Mimikatz; Capturing Credentials; Factors Affecting Success; Best Practices: Usernames and Passwords; Usernames and Passwords; Searching Unencrypted Documents; Phishing; Looking for Saved ARM Profile Tokens; Guessing Passwords; Best Practices: Management Certificates; Finding Management Certificates; Publish Settings Files; Reused Certificates; Configuration Files; Cloud Service Packages; Best Practices: Protecting Privileged Accounts; Encountering Two-Factor Authentication; Using Certificate Authentication; Using a Service Principal or a Service Account | |
505 | 8 | |a Accessing CookiesProxying Traffic Through the User's Browser; Utilizing Smartcards; Stealing a Phone or Phone Number; Prompting the User for 2FA; Summary; Chapter 3: Reconnaissance; Installing PowerShell and the Azure PowerShell Module; On Windows; On Linux or macOS; Running Your Tools; Service Models; Best Practices: PowerShell Security; Authenticating with the PowerShell Module and CLI; Authenticating with Management Certificates; Installing the Certificate; Authenticating; Connecting and Validating Access; Best Practices: Service Principals; Authenticating with Service Principals | |
505 | 8 | |a Using Service Principals with PasswordsAuthenticating with X.509 Certificates; Best Practices: Subscription Security; Gathering Subscription Information; Viewing Resource Groups; Viewing a Subscription's App Services (Web Apps); Gathering Information on Virtual Machines; Finding Storage Accounts and Storage Account Keys; Gathering Information on Networking; Network Interfaces; Obtaining Firewall Rules or Network Security Groups; Viewing Azure SQL Databases and Servers; Consolidated PowerShell Scripts; ASM Script; ARM Script; Summary; Chapter 4: Examining Storage | |
505 | 8 | |a Best Practices: Storage SecurityAccessing Storage Accounts; Storage Account Keys; User Credentials; SAS Tokens; Where to Find Storage Credentials; Finding Keys in Source Code; Obtaining Keys from a Developer's Storage Utilities; Accessing Storage Types; Identifying the Storage Mechanisms in Use; Accessing Blobs; Accessing Tables; Accessing Queues; Accessing Files; Summary; Chapter 5: Targeting Virtual Machines; Best Practices: VM Security; Virtual Hard Disk Theft and Analysis; Downloading a VHD Snapshot; Retrieving a VHD's Secrets; Exploring the VHD with Autopsy; Importing the VHD | |
520 | |a A comprehensive guide to penetration testing cloud services deployed with Microsoft Azure, the popular cloud computing service provider used by companies like Warner Brothers and Apple. Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies. You'll start by learning how to approach a cloud-focused penetration test and how to obtain the proper permissions to execute it; then, you'll learn to perform reconnaissance on an Azure subscription, gain access to Azure Storage accounts, and dig into Azure's Infrastructure as a Service (IaaS). You'll also learn how to: - Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files - Use PowerShell commands to find IP addresses, administrative users, and resource details - Find security issues related to multi-factor authentication and management certificates - Penetrate networks by enumerating firewall rules - Investigate specialized services like Azure Key Vault, Azure Web Apps, and Azure Automation - View logs and security events to find out when you've been caught Packed with sample pentesting scripts, practical advice for completing security assessments, and tips that explain how companies can configure Azure to foil common attacks, Pentesting Azure Applications is a clear overview of how to effectively perform cloud-focused security tests and provide accurate findings and recommendations. | ||
588 | 0 | |a Print version record. | |
590 | |a O'Reilly|b O'Reilly Online Learning: Academic/Public Library Edition | ||
630 | 0 | 0 | |a Windows Azure|x Security measures. |
630 | 0 | 7 | |a Windows Azure.|2 fast|0 (OCoLC)fst01796039 |
650 | 0 | |a Cloud computing|x Security measures. | |
650 | 0 | |a Penetration testing (Computer security)|9 403748 | |
776 | 0 | 8 | |i Print version:|a Burrough, Matt.|t Pentesting Azure applications.|d San Francisco : No Starch Press, 2018|z 9781593278632|w (DLC) 2017051237|w (OCoLC)1019835048 |
856 | 4 | 0 | |u https://library.access.arlingtonva.us/login?url=https://learning.oreilly.com/library/view/~/9781492069416/?ar|x O'Reilly|z eBook |
938 | |a ProQuest Ebook Central|b EBLB|n EBL6050893 | ||
938 | |a Recorded Books, LLC|b RECE|n rbeEB00706876 | ||
994 | |a 92|b VIA | ||
999 | |c 286977|d 286977 |