In this book review, I looked at the topic of pentesting cloud-based applications, specifically Microsoft’s Azure. While the focus of the book was for Azure, a lot of the information will be beneficial no matter the cloud environment. Even thought Cloud hosting has been around for several years, it is still a new technology and many senior security professionals are learning the do and don’ts of how to secure the infrastructure.
I found “Pentesting Azure Applications” to be informative and Matt does a great job of sharing links to additional information on topics that can help secure your Azure deployment(s). In this aspect, while this book is meant to be used for pentesting Azure, it is also a great resource in securing and locking down your subscription. Just by looking at and using the “Defender’s Tips” that Matt includes, you will definitely make your network and systems more secure.
The text consists of 8 chapters, each chapter stands by itself and there is no need to read chapters 1 thru 7, if you are looking to understand logging and alerting in chapter 8. Below is a breakdown of each chapter and what can be found in each. Since the book can be used for all levels of security testers, you may find that some chapters are more useful than others. A lot of large pentesting firms have a team that handles the preparation and legal aspects for multiple teams, and you may want to jump straight to reconnaissance or network investigations chapters.
Read more here – https://www.securityorb.com/cloud-security/a-book-review-of-pentesting-azure-applications-by-matt-burrough/
*** This is a Security Bloggers Network syndicated blog from Kellep Charles Information Security Blog Space authored by Kellep A. Charles, CISA, CISSP, NSA-IAM. Read the original post at: http://kellepcharles.blogspot.com/2018/10/a-book-review-of-pentesting-azure.html