How to submit the Penetration Testing Approval Form to MS Azure


Microsoft Azure Trust Center - Security

 

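  First I wrote "I decided to apply right away," and then struggled for roughly an hour.

To begin with, just finding the "Azure Customer Support (contact desk)" mentioned on the site was a struggle.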

 

 I asked via the MSDN chat but got nowhere. So I looked on my own for the Support link inside the Azure management portal (upper right).


Microsoft Azure Support Options | Azure

 

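 At first, "Request support" asked me to choose between "Technical" and "Billing", but the application form fit neither (or so I thought). So I asked the support desk again and was told that the "Azure Customer Support (contact desk)" mentioned on the site does not exist.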

 

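 I was advised to select "Billing" here and create a "ticket" from there. Next, once the ticket is issued, you are taken to the page shown in the figure below (with pull-down menus). There, select the following two menu items. (This is the trick.)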

 

 ① Problem Type [ Legal and Compliance ]

 ② Category  [ Request for penetration testing ] 

 

 Finally, upload the "application form". (That is, you need to attach the Penetration Testing Approval Form.)

http://download.microsoft.com/download/C/A/1/CA1E438E-CE2F-4659-B1C9-CB14917136B3/Penetration%20Test%20Questionnaire.docx

 

Penetration Testing Process 

Name (Primary contact point)

The first point of contact

Email address

E-mail address

Phone number

Phone number of the contact

Windows Azure subscription ID

Subscription ID

  1. What is the purpose of your test?

I will assist you with the request after obtaining necessary information related to the Microsoft Azure Account and Penetration Testing. I will be additionally engaging our Penetration Test Engineering team for necessary approval.

-  Need to know vulnerabilities for the new environment

-  Confirm that penetration tools (i.e. Nessus, Metasploit)

-  Confirm the current patch status

   2. Who is carrying out the penetration test (Internal Team or Third Party)?

Internal Test Operator:  (former Senior Security Analyst Symantec SOC operation center in Tokyo)

   3. N/A (fill this in if you use a third-party vendor)

   4.  If you answered Yes, then provide the following information for these tests:

      (The dates, times, and target DNS names are required.)

i.   Target DNS name(s) for the testing
ii.  Test start date and time with time zone (+/- GMT)
iii. Test end date and time with time zone (+/- GMT)

    5. Does your penetration testing exercise include tests other than Standard Tests (defined below)?

Brief description of test

List all features that you are targeting (e.g., SQL Azure, Windows Azure storage, Windows Azure Compute)

Target DNS names for testing (*.cloudapp.net)

From where will the test be launched? (IP address of hosts)

If applicable, name of open source/ commercial tool that will be used

Test start date and time with time zone (+/- GMT)

Test end date and time with time zone (+/- GMT)

 6. Additional comments

Implementation schedule to be determined for the virtual environment during Azure configuration. The following standard tests will be subject to expedited review:

1)      Tests on your endpoints to uncover OWASP Top 10 web vulnerabilities

2)      Fuzz testing on your endpoints

3)      SANS 20

 

Don't forget the "Accept" button at the bottom. After that, all that is left is to wait for the approval result...

 

First, tell us about the problem you need help with…

Legal and compliance
I want to request penetration testing.

Problem Details

Determine Severity

File Upload

If you would like to send files to Microsoft, click the button below and then select the files to upload.
  • Penetration Test Questionnaire(Abinitio Researc...

Your question was successfully submitted to Microsoft. A Microsoft professional will contact you within 8 hours.
Confirmation number: 114091811813068
If you are using a spam blocker tool, make sure that you can receive e-mail messages from *@microsoft.com. You may receive a web survey invitation for this support engagement. Invitations will come from: services.feedback@microsoft.com with the subject line "Microsoft Customer Satisfaction Survey". Surveys may be completed within a week of receiving the email. We look forward to hearing about your experience with our services. Your responses are critical in our effort to continue to provide you with the highest level of service. We understand your time is valuable and appreciate you taking 5 minutes to complete the survey. Thank you for your time!