Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / Penetration Testing fo...
Microsoft Dynamics 365 | Integration, Dataverse...
Suggested answer

Penetration Testing for Dynamics 365 (CRM)

(1) ShareShare
ReportReport
Posted on by Community Member Microsoft Employee

Hello Community,

When it comes to performing "penetration testing" related to security for Dynamics 365 (CRM), are there good recommended best practices, methodologies or tools that we could use to conduct such testing?

If anyone has any relevant experience and could share some insights and pointers, that would be greatly appreciated!

Thank you!

  • Samnoliver Profile Picture
    Samnoliver 2 on at
    Penetration Testing for Dynamics 365 (CRM)
    When it comes to performing penetration testing for Dynamics 365 (CRM), it's crucial to follow best practices to ensure the security of your system. Some recommended methodologies include OWASP's Web Application Penetration Testing guidelines and NIST's framework for security testing. For tools, you can consider using open-source options like OWASP ZAP, Burp Suite, or commercial solutions like Nessus or Qualys for vulnerability scanning. Remember to obtain proper authorization before conducting any testing to avoid legal issues.
    Also, you can try using IP Stresser & IP Booter services. Focus on ethical testing methods to strengthen your system's security.
  • fields Profile Picture
    fields 5 on at
    RE: Penetration Testing for Dynamics 365 (CRM)

    I used the service of a cyber security company for not having such experience

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Penetration Testing for Dynamics 365 (CRM)

    Thanks everyone for all the pointers above!

  • Suggested answer
    Roma Gupta Profile Picture
    Roma Gupta 725 on at
    RE: Penetration Testing for Dynamics 365 (CRM)

    Hi D365 Eric

    Leo & Pankaj have covered almost all the major links.

    Since Dynamics 365 is on Azure AD, I am referring to one of the white paper as well.

    azure.microsoft.com/.../

    Hope this helps.

    Regards

    Roma

  • Pankaj Gogoi Profile Picture
    Pankaj Gogoi 3,177 on at
    RE: Penetration Testing for Dynamics 365 (CRM)

    Hi Eric,

    Apart from the shared links, you can refer these as well.

    https://docs.microsoft.com/en-in/dynamics365/get-started/gdpr/

    https://docs.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns

    Hope this helps

    Best Regards

    PG

  • LeoAlt Profile Picture
    LeoAlt 16,329 on at
    RE: Penetration Testing for Dynamics 365 (CRM)

    Hi partner,

    Please refer to the following links.

    https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement

    https://servicetrust.microsoft.com/ViewPage/TrustDocuments

    https://gallery.technet.microsoft.com/Cloud-Red-Teaming-b837392e

    https://medium.com/tsscyber/xss-in-dynamics-365-25c800aac473

    https://docs.microsoft.com/en-us/azure/security/benchmarks/security-control-penetration-tests-red-team-exercises

    I don't find other ways to do pen test in D365, you could raise an idea to Microsoft about this.

    Regards,

    Leo

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,280 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,214 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Get batch job history log from D365 FO to Power Automate

Product updates

Dynamics 365 release plans