Managed Identity Attack Paths, Part 3: Function Apps securityboulevard.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from securityboulevard.com Daily Mail and Mail on Sunday newspapers.
Intro and Prior WorkIn this three part blog series we are exploring attack paths that emerge out of Managed Identity assignments in three Azure services: Automation Accounts, Logic Apps, and Function Apps.In part 1 we looked at how attack paths emerge out of Automation Account configurations. In part 2 we are looking at Logic Apps.Managed Identity assignments are an extremely effective security control that prevent the accidental exposure of credentials by removing this requirement to store or use credentials in the first place. Instead of storing and sending credentials, Azure knows that your script is allowed to authenticate as a specific Service Principal.You should absolutely be using Managed Identity assignments in Azure instead of storing or accessing credentials.But Managed Identities introduce a new problem: they can quickly create identity-based attack paths in Azure that may lead to escalation of privilege opportunities. In this series we will explore how those attack path