Hello @anguiz7z, the short answer is yes.
Azure App Service infrastructure can be penetration tested. Microsoft allows customers to perform their own penetration tests on their Azure resources without prior approval.
However, there are certain rules of engagement that must be followed. Here are some common types of penetration tests that are allowed:
- Testing for Open Web Application Security Project (OWASP) vulnerabilities.
- Endpoint fuzz testing—trying random inputs to find vulnerabilities.
However, one type of penetration test that you can’t perform is any kind of Denial of Service (DoS) attack. This includes initiating a DoS attack itself, or performing related tests that might determine, demonstrate, or simulate any type of DoS attack.
It’s important to note that while Microsoft no longer requires pre-approval to conduct a penetration test against Azure resources, customers must still comply with the Microsoft Cloud Unified Penetration Testing Rules of Engagement. If you’re unsure about the scope of your penetration test or need further guidance, I recommend reviewing the Azure Penetration Testing Rules of Engagement documentation.
-Grace