渗透测试Penetration testing

使用 Azure 进行应用程序测试和部署的一个优点是可快速创建环境。One of the benefits of using Azure for application testing and deployment is that you can quickly get environments created. 不必为请求、获取以及“搭架和堆叠”本地硬件担心。You don’t have to worry about requisitioning, acquiring, and “racking and stacking” your own on-premises hardware.

快速创建环境很好,但仍需确保进行常规安全审慎调查。Quickly creating environments is great - but you still need to make sure you perform your normal security due diligence. 你可能想要做的事情之一就是对部署在 Azure 中的应用程序进行渗透测试。One of the things you likely want to do is penetration test the applications you deploy in Azure.

用户可能已经知道,Microsoft 将执行对 Azure 环境的渗透测试You might already know that Microsoft performs penetration testing of our Azure environment. 此测试有助于推动 Azure 改进。This testing helps drive Azure improvements.

我们不会为你进行应用程序渗透测试,但我们理解你希望对自己的应用程序进行渗透测试,并且需要这样做。We don't perform penetration testing of your application for you, but we do understand that you want and need to perform testing on your own applications. 这是好事,因为改进自己的应用程序的安全性可以加强整个 Azure 生态系统的安全性。That’s a good thing, because when you enhance the security of your applications you help make the entire Azure ecosystem more secure.

由于此类测试与实际攻击难以区分,因此客户应仅在事先获得客户支持批准后才进行渗透测试,这一点至关重要。Because such testing can be indistinguishable from a real attack, it is critical that customers conduct penetration testing only after obtaining approval in advance from Customer Support. 渗透测试必须按照我们的条款和条件进行。Penetration testing must be conducted in accordance with our terms and conditions. 渗透测试申请应至少提前 7 天提交。Requests for penetration testing should be submitted with a minimum of 7-day advanced notice. 要详细了解或启动渗透测试,请下载渗透测试审批表,然后联系客户支持To learn more or to initiate penetration testing, please download the Penetration Testing Approval Form, and then contact Customer Support.

重要

渗透测试申请应至少提前 7 天提交,客户也必须遵守 Microsoft 云统一渗透测试参与规则Requests for penetration testing should be submitted with a minimum of 7-day advanced notice,also customers must comply with the Microsoft Cloud Unified Penetration Testing Rules of Engagement.

可以执行的标准测试包括:Standard tests you can perform include:

你不能执行的一类渗透测试是任何类型的拒绝服务 (DoS) 攻击。One type of pen test that you can’t perform is any kind of Denial of Service (DoS) attack. 此测试包括:自行发起 DoS 攻击,或者执行相关的测试,以便确定、演示或模拟任何类型的 DoS 攻击。This test includes initiating a DoS attack itself, or performing related tests that might determine, demonstrate, or simulate any type of DoS attack.

后续步骤Next steps