You're reading from Cloud Penetration Testing Learn how to effectively pentest AWS, Azure, and GCP applications

Product type Paperback

Published in Nov 2023

Publisher Packt

ISBN-13 9781803248486

Length 298 pages

Edition 1st Edition

Tools

AWS

Concepts

Cloud Security

Author (1):

Kim Crawley

Preface

1. Part 1: Today’s Cloud Networks and Their Security Implications

2. Chapter 1: How Do Enterprises Utilize and Implement Cloud Networks? FREE CHAPTER

3. Chapter 2: How Are Cloud Networks Cyber Attacked?

4. Chapter 3: Key Concepts for Pentesting Today’s Cloud Networks

5. Part 2: Pentesting AWS

6. Chapter 4: Security Features in AWS

7. Chapter 5: Pentesting AWS Features through Serverless Applications and Tools

8. Chapter 6: Pentesting Containerized Applications in AWS

9. Part 3: Pentesting Microsoft Azure

10. Chapter 7: Security Features in Azure

11. Chapter 8: Pentesting Azure Features through Serverless Applications and Tools

12. Chapter 9: Pentesting Containerized Applications in Azure

13. Part 4: Pentesting GCP

14. Chapter 10: Security Features in GCP

15. Chapter 11: Pentesting GCP Features through Serverless Applications and Tools

16. Chapter 12: Pentesting Containerized Applications in GCP

17. Chapter 13: Best Practices and Summary

18. Index

19. Other Books You May Enjoy

Exploiting Azure applications

Now, let’s run some security tests with the tools we’ve installed.

First, let’s run a default Prowler scan in Azure. The default scan is an effective general vulnerability assessment. Follow these steps:

Launch Azure Cloud Shell and make sure you’re using Bash. At the top left of the Azure Cloud Shell display, there’s a drop-down menu to switch back and forth between PowerShell and Bash. There you go!
I like to just make sure that Prowler is installed properly before I commence a scan. Check the version of Prowler you have with this command:
```
prowler -v
```
Next, let’s see which security checks you can run with Prowler in Azure with this command:
```
prowler azure --list-checks
```
Now, let’s run some of the checks that were listed as a response to the previous command. Make sure --az-cli-auth is at the end of your prowler azure command so that you can execute it with the necessary permissions...