• Introduction to Azure Pentesting
  • Azure Pentesting Approach
  • Azure Pentesting Methodology

Driven by digital transformation, cost effectiveness and the prevalence of Azure Active Directory (Azure AD), companies have been migrating to Azure services. Because it is a hybrid technology, it carries access-control risks between on-prem and cloud infrastructure. It is not as simple as it sounds: multiple security risks make it possible to reach the on-prem Active Directory controller through a compromised system in the cloud, and it is also possible to log into Azure AD from on-prem Windows systems. Attackers are always searching for such attack vectors, and they can also exploit a vulnerability detected in a web application on Azure to compromise your on-prem or cloud Active Directory infrastructure.

Considering these risks, we strongly recommend that organizations include Azure AD in penetration testing, regardless of whether the infrastructure is an internal or an external network.



Do I need Microsoft's approval for Azure penetration testing?

No. As of June 2017, Microsoft no longer requires pre-approval for you to perform penetration testing against Azure resources. Microsoft explains, “We don’t perform penetration testing of your application for you, but we do understand that you want and need to perform testing on your own applications. That’s a good thing, because when you enhance the security of your applications you help make the entire Azure ecosystem more secure.” Certbar's Azure pentesting complies with the Microsoft Cloud Unified Penetration Testing Rules of Engagement.

Reduce organizational risk by improving cloud security resilience

Whether you are migrating to Azure, developing cloud native applications in Azure, using Azure Kubernetes Service (AKS), or pentesting Azure annually for compliance, penetration testing your Microsoft Azure infrastructure helps you ensure your cloud is secure. Our approach:

  • Discover all internet-facing assets
  • Identify less severe vulnerabilities to prevent them from being chained together
  • Identify attack surfaces exposed by cloud and Active Directory integration
  • Verify findings using manual Azure penetration testing techniques
  • Apply our in-depth techniques to identify vulnerabilities on internet-facing assets and web applications
  • Deliver actionable guidance to remediate vulnerabilities
  • Identify confidential data exposure on publicly available resources

Our Azure penetration testing service includes a cloud services configuration review and external & internal pentesting techniques, such as: