question

SharmaPranav-3189 avatar image
0 Votes"
SharmaPranav-3189 asked JamesTran-MSFT edited

Using Azure Platform to Provide Penetration Testing Services

Hi team,

There's documentation around performing penetration testing "against" Azure platform but my query is regarding performing (legal) penetration testing "using" Azure platform against clients/customers who may/may not be hosting within the Azure platform. Is there any prohibition against any such thing? Is there any guidance for any such thing?

Thanks,
Pranav Sharma

not-supported
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JamesTran-MSFT avatar image
0 Votes"
JamesTran-MSFT answered JamesTran-MSFT edited

@SharmaPranav-3189
Thank you for your post and I apologize for the delayed response!

You should be able to reference our Penetration testing documentation for more info along with a Test through simulation tutorial, that will walk you through building an interface where Azure customers can generate traffic against DDoS Protection-enabled public endpoints for simulations.

Additional Link:
Penetration Testing Rules of Engagement


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @JamesTran-MSFT , unfortunately what you've provided doesn't help me. As I'd mentioned in my question, what you've referenced is the documentation around performing a penetration test "AGAINST" Azure/Microsoft cloud. I'm looking for information around performing a penetration test "USING" Azure hosted infrastructure.

Hope this clarifies my question.

0 Votes 0 ·

@SharmaPranav-3189
Thank you for the quick follow up on this!

I'm not able to find any documentation when it comes to performing a penetration test using Azure hosted infrastructure. However, I believe if you're following the Microsoft Cloud Unified Penetration Testing Rules of Engagement, I wouldn't see a problem with using Azure hosted infrastructure to perform these tests.

I'd also recommend reaching out to the author/team of the Test through simulations article (bottom of the doc), to see if they would be able to better guide you on this issue.
90024-image.png


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

0 Votes 0 ·
image.png (6.5 KiB)