// Comparison

Kubernetes Security vs Pentesting Azure Applications: Which Should You Read?

Two cybersecurity books on Cloud, compared honestly: who each is for, what each does best, and which to read first.

Intermediate

4/52018

Liz Rice, Michael Hausenblas

Liz Rice and Michael Hausenblas's freely-available O'Reilly short on the Kubernetes-specific security model: API server, RBAC, network policy, secrets, and the typical hardening steps that move a cluster from default to defensible.

Intermediate

3/52018

Pentesting Azure Applications

The Definitive Guide to Testing and Securing Deployments

Matt Burrough

Matt Burrough on attacker behaviour against Azure tenants: identity, storage, VMs, key material handling, and the recon paths that work against real subscriptions.

Read this if

Engineers spinning up their first production cluster who need the 99-page distillation of what to do before the first incident. The freely available PDF makes it the obvious 'send to the team' reference for Kubernetes hardening basics.

Cloud pentesters whose scope includes Azure subscriptions. Burrough covers identity (Entra ID), storage account abuse, VM-level recon, key material handling, and the role-based access patterns that drive real Azure post-exploitation.

Skip this if

Readers needing depth on runtime detection, supply-chain integrity, multi-cluster identity, or service-mesh security; the book is deliberately a primer, not a comprehensive reference. By 2026 Pod Security Admission, Gateway API, and signed-image standards have moved past the book's coverage.

Readers focused on AWS or GCP, or anyone wanting current Azure tradecraft. The book pre-dates the current AAD-now-Entra-ID rebrand and several major service updates; treat it as foundational, not current.

Key takeaways

The Kubernetes security model is API-server-centric — most attacks are RBAC and network-policy failures, and the book makes this its spine.
Default-deny network policy is the highest-leverage hardening step in any cluster, and the book's framing of why is the most quotable in print.
Treat it as the on-ramp — once you have the basics, graduate to Kubernetes Security and Observability (Creane / Gupta) and current CNCF guidance.

Azure attack patterns center on identity and roles, not network-level vulnerabilities; the book's framing reflects that.
Storage account misconfigurations remain one of the most common Azure findings; the book's coverage of access-key abuse is still relevant.
Cloud pentest reporting differs meaningfully from network pentest reporting; the book's deliverable templates are useful starting points.

How they compare

We rate Kubernetes Security higher (4/5 against 3/5 for Pentesting Azure Applications). For most readers, that means Kubernetes Security is the primary pick and Pentesting Azure Applications is a useful follow-up.

Both books target intermediate-level readers, so the choice is about topic, not difficulty.

Kubernetes Security and Pentesting Azure Applications both cover Cloud, so reading them in sequence reinforces the same material from different angles.

Keep reading

Kubernetes Security

→ Alternatives to Kubernetes Security → What to read after Kubernetes Security