Pentesting Azimuth

Over the months of December 2024 and January 2025, the Azimuth project was analysed, concentrating on three key areas:

• web application,
• architecture (azimuth-cloud/azimuth and azimuth-cloud/zenith in particular), and
• Kubernetes infrastructure.

The test methodology consisted in pentesting a deployment of Azimuth, with – of course – access to the source code, using the code to dive deeper into features and internal mechanisms.

Solid results

The audit found no critical or high vulnerabilities, only a few low and informational, and noted good hardening practices, both in design and in coding, as well as in deployment.

It is also worth noting the few findings were not exploitable because of good attack surface reduction practices.

This is a great confirmation of the Azimuth team's hard work and thoughtful approach to building a cloud portal designed for science platforms, which often have higher than usual security requirements.

As the custodian and main contributor to the open source Azimuth cloud portal, we have already started implementing the few improvements suggested by Arctic Owl.

Read the report and get involved!

If you'd like to read the whole report for yourself, we are making it publically available today:

Azimuth Cloud Portal security audit report (PDF)

And if you'd like to help build Azimuth, making it an even better solution for easily creating, managing and accessing platforms, join its nascent open source community.

Our thanks go out to Erik at Arctic Owl for his work and the Azimuth team for their ongoing efforts.

Get in touch and try Azimuth

If you would like to get try Azimuth, it is open source software you are free to use. Get in touch if you are interested in support and more, we would love to hear from you. Reach out to us via LinkedIn, Bluesky or directly via our contact page.