您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

渗透测试Penetration Testing

使用 Azure 进行应用程序测试和部署的一个优点是可快速创建环境。One of the benefits of using Azure for application testing and deployment is that you can quickly get environments created. 不必为请求、获取以及“搭架和堆叠”本地硬件担心。You don’t have to worry about requisitioning, acquiring, and “racking and stacking” your own on-premises hardware.

这太棒了,但仍需要确保进行常规安全审慎调查。This is great – but you still need to make sure you perform your normal security due diligence. 你可能想要做的事情之一是渗透测试在 Azure 中部署的应用程序。One of the things you likely want to do is penetration test the applications you deploy in Azure.

用户可能已经知道,Microsoft 将执行对 Azure 环境的渗透测试You might already know that Microsoft performs penetration testing of our Azure environment. 这有助于改进 Azure。This helps drive Azure improvements.

我们不要渗透测试你的应用程序,但我们了解您将希望或需要执行自己的应用程序上进行测试。We don’t penetration test your application for you, but we do understand that you will want and need to perform testing on your own applications. 这是一件好事,因为增强应用程序的安全性可帮助使整个 Azure 生态系统更加安全。That’s a good thing, because when you enhance the security of your applications you help make the entire Azure ecosystem more secure.

截至 2017 年 6 月 15 日,Microsoft 不再需要预先批准以进行渗透测试针对 Azure 资源。As of June 15, 2017, Microsoft no longer requires pre-approval to conduct a penetration test against Azure resources. 愿意正式记录即将进行的针对 Microsoft Azure 的渗透测试活动的用户,请填写 Azure 服务渗透测试通知表Customers who wish to formally document upcoming penetration testing engagements against Microsoft Azure are encouraged to fill out the Azure Service Penetration Testing Notification form. 本流程仅与 Microsoft Azure 相关,并不适用于任何其他 Microsoft 云服务。This process is only related to Microsoft Azure, and not applicable to any other Microsoft Cloud Service.

重要

虽然参加渗透测试时无需再通知 Microsoft,客户仍须遵守 Microsoft 云统一渗透测试参与规则While notifying Microsoft of pen testing activities is no longer required customers must still comply with the Microsoft Cloud Unified Penetration Testing Rules of Engagement.

可以执行的标准测试包括:Standard tests you can perform include:

用户不能执行的一类测试是任何类型的拒绝服务 (DoS) 攻击。One type of test that you can’t perform is any kind of Denial of Service (DoS) attack. 其中包括:发起 DoS 攻击,或者执行相关的测试,以便确定、演示或模拟任何类型的 DoS 攻击。This includes initiating a DoS attack itself, or performing related tests that might determine, demonstrate or simulate any type of DoS attack.

后续步骤Next steps

  • 如果你想要正式记录即将进行的渗透测试针对 Microsoft Azure 中托管的应用程序转到渗透测试参与规则和测试通知窗体中填写。If you would like to formally document an upcoming penetration testing against your applications hosted in Microsoft Azure, head on over to the Penetration Testing Rules of Engagement and fill out the testing notification form.