The Kali Linux image was recently removed from Azure Marketplace. I’ll update the instructions as soon as I find the time!

Having developed and architected applications for the past ten years, I’m always concerned about the security of the solutions I build. I would feel so guilty and ashamed if a security breach ever happened because of a mistake I made or a detail I overlooked. Thus, applications’ security must be assessed - regularly, I might add, because updates are generally made to software after its go-live.

For Azure solutions, security assessments typically happen by reviewing the application’s documentation, source code, the configurations of the related resources, and even Azure DevOps CI/CD pipelines. I’m simplifying things a lot here, but on a basic level, you go through the scope of the assessment (both manually and with the help of tools) until you find something that makes you think “hmm, this is not exactly how you should do it; there could be a vulnerability here”. Then you can do something called penetration testing (a.k.a. pentesting or ethical hacking) to confirm your findings, or even demonstrate the vulnerability to your client, so they understand the severity of the situation if the issue is not fixed. And later, when the vulnerability has supposedly been handled, you can also use pentesting to confirm that the fix actually works.