Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments

Matt Burrough

Product description

A comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies large and small.

You'll learn how to:
- Find security issues related to multi-factor authentication and management certificates
- Make sense of Azure's services by using PowerShell commands to find IP addresses, administrative users, and firewall rules
- Discover security configuration errors that could lead to exploits against Azure storage and keys
- Uncover weaknesses in virtual machine settings that enable you to acquire passwords, binaries, code, and settings files
- Penetrate networks by enumerating firewall rules
- Investigate specialized services like Azure Key Vault and Azure Websites
- Know when you might be caught by viewing logs and security events

Packed with real-world examples from the author's experience as a corporate penetration tester, sample scripts from pen-tests and "Defenders Tips" that explain how companies can reduce risk, Pentesting Azure Applications provides a clear overview of how to effectively perform security tests so that you can provide the most accurate assessments possible.

Table of contents

Chapter 1: Preparation
Chapter 2: Access Methods
Chapter 3: Reconnaissance
Chapter 4: Examining Storage
Chapter 5: Targeting Virtual Machines
Chapter 6: Investigating Networks
Chapter 7: Other Azure Services
Chapter 8: Monitoring, Logs, and Alerts
Glossary
