Azure DDoS Testing

Ensure your Microsoft Azure deployment is secure with
simulated DDoS attacks in a controlled environment.

Customized Testing

As an authorized Microsoft Azure Partner, we help validate your DDoS protection and ensure your services or applications continue to function as expected during an attack. We provide simulated controlled DDoS attacks, accompanied by a detailed analysis, and specific recommendations for improvement.

Our DDoS testing service, available to customers with an Azure DDoS Protection Standard plan, is customized to match your Azure deployment infrastructure. So, whether you use Azure CDN, Azure Gateway, or Azure Virtual Machines– we’ll test the attack vectors to maximize the value of your testing.

DDoS Attack Simulation

Our testing service simulates deep multi-vector DDoS attacks:

  • Volumetric attacks. Generating multi-gigabit attack traffic from multiple global locations, we test your ability to withstand extreme and sustained attacks.
  • Application-layer attacks. We overwhelm your web server tier with excessive HTTP/S GET or POST requests that test your resistance to resource exhaustion.
  • Low-and-slow attacks. Using attacks such as SlowLoris, R.U.D.Y., and SSL-Renegotiation, we test your ability to detect low resource attacks.

A Structured, Controlled Process

Using a “white-box” test methodology, we analyze your Azure deployment infrastructure and decide on the most relevant attack vectors to test.

Planning Session

  • Understand your network architecture
  • Define clear goals, attack vectors

Controlled Attack

  • Execute tests with 6 attack vectors
  • Cover the relevant attack categories (volumetric, application-layer, low-and-slow)

Report & Analysis

  • Deliver test results
  • Specify vulnerabilities and recommendations

Get Actionable
Recommendations

Following the DDoS Test, you receive a detailed report containing a full gap analysis outlining the main weaknesses, their severity, and how they should be fixed. See a sample report here.

FAQ

Why do I need testing if Azure provides protection?

There are several reasons. First of all, every digital environment must be tested to ensure full protection. DDoS protection without DDoS testing is like software without QA. Furthermore, while Azure assumes responsibility regarding network or infrastructure attacks, application attacks largely remain your responsibility. There are configurations and actions only you can perform, such as setting rate limits, scanner and probe protection, auto-scaling, and more. And all these application-level measures must, of course, be tested.

Do I need to update Microsoft before the test?

No. Red Button can carry out DDoS tests without notifying the Azure team. This makes the process simpler in many cases, such as, for example, last-minute testing.

Do you also test application level (Layer 7) DDoS attacks?

Yes. Red Button tests all DDoS attacks: network level, application level, low-and-slow, etc.

How long does DDoS testing take?

Testing typically takes 3 hours. A more complicated test can take 6 hours.

Does your testing service include configuration recommendations?

Yes. Following the DDoS penetration tests, we provide you with recommendations specifically tailored for your Azure deployment. You can then decide to implement the recommendations as you see fit.

Can you help us implement the recommendations?

Yes. As a separate service, Red Button also provides support and guidance for implementing our DDoS mitigation recommendations.