Skip to main content
Azure Penetration Testing Methodology Hero
Rigorous testing of Microsoft Azure cloud environment to uncover cybersecurity vulnerabilities.

RedTeam Security's Azure Penetration Testing Methodology

Testing in Azure follows RedTeam Security's standard network or web application penetration testing methodology, with some specific modifications focused on testing the Azure environment architecture. RedTeam Security uses PTES as the framework for our comprehensive network penetration testing methodology, and our web application penetration testing focuses on identifying OWASP's Top 10 vulnerabilities. During Azure penetration testing engagements, we utilize many of the same techniques employed for standard penetration testing engagements while also checking for Azure-specific misconfigurations and vulnerabilities. These checks may include testing for publicly accessible storage accounts, improperly scoped Azure role-based access controls (RBACs), weak password policies, guest access, and seeking to penetrate on-premises Windows Active Directory systems synced to the cloud using Azure AD Connect.

RedTeam Security's cloud pen testing includes three different attack vectors within the Azure platform:

  • Testing Applications for flaws that could result in cloud environment compromise.
  • Testing the cloud network directly, whether the servers are set up as exclusively internal only or are hosting externally facing services exposed to the Internet.
  • Authenticated testing for misconfigurations within the Azure portal.

RedTeam Security's penetration testing methodology assesses the cloud security of your environment using a multi-layered approach: Information Gathering, Threat Modeling, Vulnerability Analysis, Exploitation, and Reporting.

Before beginning the assessment of your cloud environment, the pre-engagement phase begins. During the pre-engagement phase, RedTeam will collect the details needed to begin the project. The data elements collected during this step include: testing windows, testing dates, IP addresses, along other relevant information. This phase is crucial as it establishes the overall rules of engagement for your Azure pen testing engagement.

RedTeam will work closely with you to confirm the details needed for the kick-off meeting.  This important work ensures your cloud pen testing will be executed efficiently, effectively, and in accordance with the overall objectives.

Information Gathering

In addition to the data collected during a typical on-premises penetration test, we compile other information needed for Microsoft Azure pen testing, including enumerating publicly accessible services and resources and enumerating principles, roles, and resources connected with the Azure account.

Threat Modeling

Threat modeling is a multi-step process. Initial threat modeling will be done through discussions with you to identify their most important assets to protect. For some companies, this could be financial data. For others, it could be Intellectual Property. For a nonprofit, the most critical asset could be as fundamental as donor trust.

Then, as additional information is collected through information gathering, the threat model is continually refined. This begins with using various security tools to perform automated scans and is followed by using manual testing techniques to dig deeper, uncover, and validate potential vulnerabilities. During the threat-modeling step, assets are identified and categorized into threat categories. These categories could include sensitive documents, trade secrets, or financial information but more commonly consist of technical information found during the previous phase.

Vulnerability Analysis

RedTeam Security will leverage additional automated tools to identify vulnerabilities in the environment, whether a network or a web application, and any enumerate information about principles, roles, subscriptions, resource groups, and resources within the Azure environment and identify security concerns. RedTeam Security will also analyze the account's security by checking the status of configurations like multi-factor authentication and guest access. During this phase, we will develop attack chains based on our initial findings regarding Azure roles and resources. The aim will be to create opportunities to exploit vulnerabilities that allow for privilege escalation, resource misuse, or data exfiltration to achieve the engagement's objectives.

Exploitation

Unlike a vulnerability assessment, a penetration test seeks to act on vulnerabilities to accomplish exploitation. Exploitation involves establishing access to systems by bypassing security controls to determine the real-world effectiveness of your defenses and your actual level of risk. During a RedTeam Security cloud platform penetration test, this phase consists of concerted manual testing tactics and is often quite time intensive.

  • Testing Applications on the Cloud - Testing for applications in Azure begins exactly as it would for a penetration test of an on-premises system and will include testing for f the same OWASP Top 10 vulnerabilities. During testing, RedTeam Security will attempt to gain access to storage accounts and view their contents while recommending practices that will help your organization develop a roadmap toward implementing best practices in storage security. We will also review the security and efficacy of managed and custom policies employed via Azure Web Application Firewall on Azure Application Gateway.
  • Testing Networks in the Cloud - When performing testing on network assets in the cloud, for an internal network test in Azure, RedTeam Security will often use a VPN or Virtual Machine to gain access and begin scanning the network for vulnerabilities. RedTeam Security will attempt to gain credentials or access to the internal servers or devices. For an external network penetration test, RedTeam Security will assess the security of network technologies such as Azure Firewall, Azure VPN Gateway, and other bridging technologies that could provide access to the corporate network. RedTeam Security will attempt to gain access to internal networks by enumerating firewall rules, looking for weak passwords, and uncovering weaknesses in virtual machine configurations.
  • Testing the Azure Portal - RedTeam Security will analyze the security configurations in the Azure Portal using a client provided test-user. Red Team will also assess the security of Azure Role-Based Access Controls in use and other Azure services, such as Azure Key Vault, Azure App Service, and Azure Automation.

Reporting

At RedTeam Security, we consider this phase to be the most important, and we take great care to ensure we've communicated the value of our service and findings thoroughly. Our comprehensive Azure pen testing services will help you ensure that your cloud infrastructure is designed and configured according to best practices. The report will provide an analysis of the current state of your Azure environment and help you prioritize which vulnerabilities to address first and how best to use your budget to maximize strength and resilience in your security posture.

Free Retesting of Remediations

If there are items identified that you choose to remediate, let us know once those remediations are complete, and we will schedule a retest of those remediations. Once the retest is complete, we will issue an updated report.

Get a Customized Proposal

Use our Scoping Questionnaire to provide us with the necessary information to put together a proposal for you. Please be as thorough as possible with your responses, as it helps us ensure an accurate and complete proposal.
If you're interested in application penetration testing, you may find this article helpful when formulating your responses: Understanding Application Complexity For Penetration Testing.

If you have any questions, contact us at 612-234-7848 or schedule a meeting. We will follow up promptly once we receive your responses. We look forward to speaking with you soon.

Having trouble viewing the Scoping Questionnaire? Check to see if an ad-blocker is keeping the page from loading properly.

Dedicated Client Portal

Interact in real-time with your RedTeam security professionals on our user-friendly client portal and see firsthand as the team closes in on your company data.

Certified Security Experts

Our trusted security professionals hold certifications from the leading industry organizations, including OSCP, CASS, CPT, CISSP and more.

Research-Focused Approach

We hold industry-leading certifications and dedicate part of every day to research the latest exploit techniques to ensure our clients remain protected from evolving online attacks.

Free Remediation Testing

Once your team addresses remediation recommendations, RedTeam will schedule your retest at no additional charge.