Penetration testing
One of the benefits of using Azure for application testing and deployment is that you can quickly get environments created. You don't have to worry about requisitioning, acquiring, and "racking and stacking" your own on-premises hardware.
Quickly creating environments is great but you still need to make sure you perform your normal security due diligence. One of the things you likely want to do is penetration test the applications you deploy in Azure. We don't perform penetration testing of your application for you, but we do understand that you want and need to perform testing on your own applications. That's a good thing, because when you enhance the security of your applications you help make the entire Azure ecosystem more secure.
Because such testing can be indistinguishable from a real attack, it is critical that customers conduct penetration testing only after obtaining approval in advance from Customer Support. Penetration testing must be conducted in accordance with our terms and conditions. Requests for penetration testing should be submitted with a minimum of 7-day advanced notice. To learn more or to initiate penetration testing, please download the Penetration Testing Approval Form, and then contact Customer Support.
Important
Requests for penetration testing should be submitted with a minimum of 7-day advanced notice,also customers must comply with the Microsoft Cloud Unified Penetration Testing Rules of Engagement.
Standard tests you can perform include:
- Tests on your endpoints to uncover the Open Web Application Security Project (OWASP) top 10 vulnerabilities
- Fuzz testing of your endpoints
- Port scanning of your endpoints
One type of pen test that you can't perform is any kind of Denial of Service (DoS) attack. This test includes initiating a DoS attack itself, or performing related tests that might determine, demonstrate, or simulate any type of DoS attack.
Next steps
- Learn more about the Penetration Testing Rules of Engagement.