Penetration Testing #59

Open
abokov opened this issue Jul 2, 2021 · 0 comments

abokov commented Jul 2, 2021

Validating security defenses is as important as testing any other functionality. Make penetration testing a standard part of your build and deployment process. Schedule regular security tests and vulnerability scanning on deployed applications, and monitor for open ports, endpoints, and attacks. Pen testing can help compliance by validating existing security controls or defenses. Often, in fact, regulatory standards also prescribe the utilization of specific technical tools, firewalls and antivirus as well as measures for the physical and digital protection of data.

Fuzz testing is a method for finding program failures by supplying malformed input data to program interfaces that parse and consume this data. It is also a great way to provide additional testing on interfaces and function inputs.

Best Practices

While notifying Microsoft of pen testing activities is no longer required, customers must still comply with the Microsoft Cloud Unified Penetration Testing Rules of Engagement. Standard tests you can perform include:

  • Tests on your endpoints to uncover the Open Web Application Security Project (OWASP) top 10 vulnerabilities.
  • Fuzz testing of your endpoints to ensure no holes are open for bad actors to exploit.
  • Microsoft Security Risk Detection is a cloud-based tool that you can use to look for bugs and other security vulnerabilities in your software before you deploy it to Azure.
  • Port scanning of your endpoints to ensure everything is locked down.
@abokov abokov added this to the Security Domain milestone Jul 2, 2021
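
An added example, not part of the original issue or of this project's code: a small deterministic fuzz harness of the kind the fuzz-testing paragraph describes, run against a constructed toy record parser. The record format, `parse_record`, `check_bounds` and `SEED` are all assumptions made for illustration; the harness separates clean rejections from unhandled failures and shows the same cases passing once the length field is bounds-checked.

```python
class ParseError(ValueError):
    """Controlled rejection of malformed input (the expected outcome)."""


def parse_record(data: bytes, check_bounds: bool = False) -> bytes:
    """Constructed toy format: b'RC', version 1, length N, N payload bytes, checksum."""
    if len(data) < 4 or data[:2] != b"RC":
        raise ParseError("bad header")
    if data[2] != 1:
        raise ParseError("unsupported version")
    n = data[3]
    if check_bounds and len(data) < 4 + n + 1:
        raise ParseError("declared length exceeds input")
    payload = data[4:4 + n]
    checksum = data[4 + n]  # without check_bounds this trusts the length field
    if sum(payload) % 256 != checksum:
        raise ParseError("bad checksum")
    return payload


def mutations(seed: bytes):
    """Deterministic malformed variants: every truncation, plus boundary bytes."""
    for k in range(len(seed)):
        yield seed[:k]
    for i in range(len(seed)):
        for v in (0x00, 0x7F, 0x80, 0xFF):
            yield seed[:i] + bytes([v]) + seed[i + 1:]


def fuzz(target, seed: bytes):
    """Return (input, exception name) for every failure that is not a ParseError."""
    findings = []
    for case in mutations(seed):
        try:
            target(case)
        except ParseError:
            pass  # clean rejection
        except Exception as exc:  # unhandled failure: a finding to triage
            findings.append((case, type(exc).__name__))
    return findings


SEED = b"RC\x01\x05hello\x14"  # constructed valid record (checksum = sum(b"hello") % 256)

if __name__ == "__main__":
    for case, name in fuzz(parse_record, SEED):
        print(name, case.hex())
    print("hardened:", len(fuzz(lambda d: parse_record(d, True), SEED)), "findings")
```

In a build pipeline the same pattern applies: keep the failing inputs as regression cases and fail the job when `fuzz` returns any finding.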