Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
45 lines (33 sloc) 3.15 KB
title description services documentationcenter author manager editor ms.assetid ms.service ms.subservice ms.devlang ms.topic ms.tgt_pltfrm ms.workload ms.date ms.author
Pen Testing | Microsoft Docs
The article provides an overview of the penetration testing (pentest) process and how perform pentest against your apps running in Azure infrastructure.
security
na
TerryLanfear
barbkess
TomSh
695d918c-a9ac-4eba-8692-af4526734ccc
security
security-fundamentals
na
article
na
na
08/13/2018
barclayn

Penetration Testing

One of the benefits of using Azure for application testing and deployment is that you can quickly get environments created. You don’t have to worry about requisitioning, acquiring, and “racking and stacking” your own on-premises hardware.

This is great – but you still need to make sure you perform your normal security due diligence. One of the things you likely want to do is penetration test the applications you deploy in Azure.

You might already know that Microsoft performs penetration testing of our Azure environment. This helps drive Azure improvements.

We don’t penetration test your application for you, but we do understand that you will want and need to perform testing on your own applications. That’s a good thing, because when you enhance the security of your applications you help make the entire Azure ecosystem more secure.

As of June 15, 2017, Microsoft no longer requires pre-approval to conduct a penetration test against Azure resources. Customers who wish to formally document upcoming penetration testing engagements against Microsoft Azure are encouraged to fill out the Azure Service Penetration Testing Notification form. This process is only related to Microsoft Azure, and not applicable to any other Microsoft Cloud Service.

[!IMPORTANT] While notifying Microsoft of pen testing activities is no longer required customers must still comply with the Microsoft Cloud Unified Penetration Testing Rules of Engagement.

Standard tests you can perform include:

One type of test that you can’t perform is any kind of Denial of Service (DoS) attack. This includes initiating a DoS attack itself, or performing related tests that might determine, demonstrate or simulate any type of DoS attack.

Next steps

  • If you would like to formally document an upcoming penetration testing against your applications hosted in Microsoft Azure, head on over to the Penetration Testing Rules of Engagement and fill out the testing notification form.
You can’t perform that action at this time.