// Comparison

Pentesting Azure Applications vs Sécurité informatique - Ethical Hacking: Which Should You Read?

Two cybersecurity books on Pentesting, compared honestly: who each is for, what each does best, and which to read first.

Intermediate

3/52018

Pentesting Azure Applications

The Definitive Guide to Testing and Securing Deployments

Matt Burrough

Matt Burrough on attacker behaviour against Azure tenants: identity, storage, VMs, key material handling, and the recon paths that work against real subscriptions.

Intermediate

4/52022

Sécurité informatique - Ethical Hacking

Apprendre l'attaque pour mieux se défendre

ACISSI

The French-language reference for offensive security: a thick, lab-heavy tour of the attacker's toolkit, maintained across editions by the ACISSI collective under the motto “learn the attack to better defend.”

Read this if

Cloud pentesters whose scope includes Azure subscriptions. Burrough covers identity (Entra ID), storage account abuse, VM-level recon, key material handling, and the role-based access patterns that drive real Azure post-exploitation.

French-speaking students and aspiring pentesters who want one comprehensive offensive-security manual: reconnaissance, network and web attacks, social engineering, forensics and Metasploit, all hands-on. The closest French equivalent to the English pentest canon.

Skip this if

Readers focused on AWS or GCP, or anyone wanting current Azure tradecraft. The book pre-dates the current AAD-now-Entra-ID rebrand and several major service updates; treat it as foundational, not current.

Advanced practitioners who already work in English and live in PortSwigger Academy and current tooling. The breadth means each topic is an introduction rather than a deep dive, and editions lag the fastest-moving tradecraft.

Key takeaways

Azure attack patterns center on identity and roles, not network-level vulnerabilities; the book's framing reflects that.
Storage account misconfigurations remain one of the most common Azure findings; the book's coverage of access-key abuse is still relevant.
Cloud pentest reporting differs meaningfully from network pentest reporting; the book's deliverable templates are useful starting points.

The single most complete offensive-security book in French — breadth is the selling point, covering recon through forensics in one volume.
Every chapter is exercise-driven; treated as a workbook with a lab VM it teaches well, read passively it teaches little.
Multi-author and re-edited regularly, so quality is uneven chapter to chapter but currency beats most French tech books.

How they compare

We rate Sécurité informatique - Ethical Hacking higher (4/5 against 3/5 for Pentesting Azure Applications). For most readers, that means Sécurité informatique - Ethical Hacking is the primary pick and Pentesting Azure Applications is a useful follow-up.

Both books target intermediate-level readers, so the choice is about topic, not difficulty.

Pentesting Azure Applications and Sécurité informatique - Ethical Hacking both cover Pentesting, Offensive, so reading them in sequence reinforces the same material from different angles.

Keep reading