Penetration Testing

One of the benefits of using Azure for application testing and deployment is that you can quickly get environments created. You don’t have to worry about requisitioning, acquiring, and “racking and stacking” your own on-premises hardware.

This is great, but you still need to make sure you perform your normal security due diligence. One of the things you likely want to do is penetration test the applications you deploy in Azure.

You might already know that Microsoft performs penetration testing of our Azure environment. This helps drive Azure improvements.

We don’t penetration test your application for you, but we do understand that you will want and need to perform testing on your own applications. That’s a good thing, because when you enhance the security of your applications you help make the entire Azure ecosystem more secure.

As of June 15, 2017, Microsoft no longer requires pre-approval to conduct a penetration test against Azure resources. Customers who wish to formally document upcoming penetration testing engagements against Microsoft Azure are encouraged to fill out the Azure Service Penetration Testing Notification form. This process is only related to Microsoft Azure, and is not applicable to any other Microsoft Cloud Service.

Important

While notifying Microsoft of pen testing activities is no longer required, customers must still comply with the Microsoft Cloud Unified Penetration Testing Rules of Engagement.

Standard tests you can perform include:

One type of test that you can’t perform is any kind of Denial of Service (DoS) attack. This includes initiating a DoS attack itself, or performing related tests that might determine, demonstrate or simulate any type of DoS attack.

Next steps

  • If you would like to formally document an upcoming penetration test against your applications hosted in Microsoft Azure, head on over to the Penetration Testing Rules of Engagement and fill out the testing notification form.