滲透測試Penetration Testing

使用 Azure 進行應用程式測試和部署的其中一個優點是您可以快速建立環境。One of the benefits of using Azure for application testing and deployment is that you can quickly get environments created. 您無需購置、取得和組裝自己的內部部署硬體。You don’t have to worry about requisitioning, acquiring, and “racking and stacking” your own on-premises hardware.

這很好 - 但您仍然需要確定您審慎執行一般的安全性作業。This is great – but you still need to make sure you perform your normal security due diligence. 您可能想要進行的事情之一是滲透測試您所部署的應用程式在 Azure 中。One of the things you likely want to do is penetration test the applications you deploy in Azure.

您可能已經知道 Microsoft 會執行 我們的 Azure 環境的滲透測試You might already know that Microsoft performs penetration testing of our Azure environment. 這有助於促進 Azure 改進。This helps drive Azure improvements.

我們不滲透測試您的應用程式,但我們了解,您會想,需要執行自己的應用程式上測試。We don’t penetration test your application for you, but we do understand that you will want and need to perform testing on your own applications. 這會是不錯的功能,是因為您增強應用程式的安全性時協助讓整個 Azure 生態系統更加安全。That’s a good thing, because when you enhance the security of your applications you help make the entire Azure ecosystem more secure.

截至 2017 年 6 月 15 日起,Microsoft 就不再需要預先核准,才可進行滲透測試對 Azure 資源。As of June 15, 2017, Microsoft no longer requires pre-approval to conduct a penetration test against Azure resources. 要對 Microsoft Azure 正式提出近期滲透測試合作申請的客戶,建議填寫 Azure 服務滲透測試通知單Customers who wish to formally document upcoming penetration testing engagements against Microsoft Azure are encouraged to fill out the Azure Service Penetration Testing Notification form. 此程序僅與 Microsoft Azure 相關,並不適用任何其他 Microsoft 雲端服務。This process is only related to Microsoft Azure, and not applicable to any other Microsoft Cloud Service.

重要

雖然通知 Microsoft 相關的滲透測試活動已不再需要,客戶仍須遵守 Microsoft 雲端整合滲透測試的參與規則While notifying Microsoft of pen testing activities is no longer required customers must still comply with the Microsoft Cloud Unified Penetration Testing Rules of Engagement.

您可以執行的標準測試包括:Standard tests you can perform include:

您不能執行的一種測試是任何種類的 拒絕服務 (DoS) 攻擊。One type of test that you can’t perform is any kind of Denial of Service (DoS) attack. 這包括起始 DoS 攻擊本身,或是執行可能會決定、示範或模擬任何類型的 DoS 攻擊的相關測試。This includes initiating a DoS attack itself, or performing related tests that might determine, demonstrate or simulate any type of DoS attack.

後續步驟Next steps

  • 如果您想要正式文件即將推出的滲透測試對您的應用程式裝載在 Microsoft Azure 中,前往滲透測試的參與規則並填妥測試通知格式。If you would like to formally document an upcoming penetration testing against your applications hosted in Microsoft Azure, head on over to the Penetration Testing Rules of Engagement and fill out the testing notification form.