So I’ve been working on a half Azure cloud (half web application) penetration test engagement this week.
It’s been multiple Azure Logic Apps and a few other services. Besides the usual source code review, I stumbled onto a great post to start my testing.
It’s called “Illogical Apps – Exploring and Exploiting Azure Logic Apps” and can be found HERE.
Using this as a starting point, I was able to find multiple findings to report on.
They also mentioned their own tool called MicroBurst. It’s a “collection of scripts for assessing Microsoft Azure Security.”
Although most of its functionality is out of scope for my current engagement, I know I will be using this quite a bit in the future.
It can be found on GitHub HERE.