// Comparison

Container Security vs Pentesting Azure Applications: Which Should You Read?

Two cybersecurity books on Cloud, compared honestly: who each is for, what each does best, and which to read first.

Intermediate

4/52020

Fundamentals for Securing Containerized Applications

Liz Rice

Liz Rice's first-principles introduction to how Linux containers actually work — namespaces, cgroups, capabilities, seccomp, image layering — and the security implications that fall out of those mechanics.

Intermediate

3/52018

Pentesting Azure Applications

The Definitive Guide to Testing and Securing Deployments

Matt Burrough

Matt Burrough on attacker behaviour against Azure tenants: identity, storage, VMs, key material handling, and the recon paths that work against real subscriptions.

Read this if

Engineers and security people who use containers daily but treat them as boxes. The book is the rare introduction that explains containers as compositions of Linux primitives rather than as a Docker-shaped product, and that is exactly what makes the security argument legible.

Cloud pentesters whose scope includes Azure subscriptions. Burrough covers identity (Entra ID), storage account abuse, VM-level recon, key material handling, and the role-based access patterns that drive real Azure post-exploitation.

Skip this if

Readers needing in-depth Kubernetes, supply-chain (SLSA, in-toto, Sigstore), or cloud-runtime-specific (Fargate, Cloud Run, ECS) coverage; pair with the Kubernetes books and current SLSA documentation. Also light on Wasm-runtime alternatives, which are an increasing fraction of the field.

Readers focused on AWS or GCP, or anyone wanting current Azure tradecraft. The book pre-dates the current AAD-now-Entra-ID rebrand and several major service updates; treat it as foundational, not current.

Key takeaways

A container is not a box; it is a process with curated views of namespaces and resources, and most container vulnerabilities live in the gap between that mental model and the box mental model.
Capability dropping, read-only root filesystems, and seccomp profiles are not optional — Rice makes the case persuasively with concrete examples.
Image-supply-chain hygiene is half the security story; the book pre-dates SLSA but motivates it cleanly.

Azure attack patterns center on identity and roles, not network-level vulnerabilities; the book's framing reflects that.
Storage account misconfigurations remain one of the most common Azure findings; the book's coverage of access-key abuse is still relevant.
Cloud pentest reporting differs meaningfully from network pentest reporting; the book's deliverable templates are useful starting points.

How they compare

We rate Container Security higher (4/5 against 3/5 for Pentesting Azure Applications). For most readers, that means Container Security is the primary pick and Pentesting Azure Applications is a useful follow-up.

Both books target intermediate-level readers, so the choice is about topic, not difficulty.

Container Security and Pentesting Azure Applications both cover Cloud, so reading them in sequence reinforces the same material from different angles.

Keep reading

Container Security

→ Alternatives to Container Security → What to read after Container Security