Designing and Developing Secure Azure Solutions

Book description

Plan, build, and maintain highly secure Azure applications and workloads

As business-critical applications and workloads move to the Microsoft Azure cloud, they must stand up against dangerous new threats. That means you must build robust security into your designs, use proven best practices across the entire development lifecycle, and combine multiple Azure services to optimize security. Now, a team of leading Azure security experts shows how to do just that. Drawing on extensive experience securing Azure workloads, the authors present a practical tutorial for addressing immediate security challenges, and a definitive design reference to rely on for years. Learn how to make the most of the platform by integrating multiple Azure security technologies at the application and network layers taking you from design and development to testing, deployment, governance, and compliance.

About You

This book is for all Azure application designers, architects, developers, development managers, testers, and everyone who wants to make sure their cloud designs and code are as secure as possible.

Discover powerful new ways to:

  • Improve app / workload security, reduce attack surfaces, and implement zero trust in cloud code

  • Apply security patterns to solve common problems more easily

  • Model threats early, to plan effective mitigations

  • Implement modern identity solutions with OpenID Connect and OAuth2

  • Make the most of Azure monitoring, logging, and Kusto queries

  • Safeguard workloads with Azure Security Benchmark (ASB) best practices

  • Review secure coding principles, write defensive code, fix insecure code, and test code security

  • Leverage Azure cryptography and confidential computing technologies

  • Understand compliance and risk programs

  • Secure CI / CD automated workflows and pipelines

  • Strengthen container and network security

Table of contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Pearson’s Commitment to Diversity, Equity, and Inclusion
  5. Dedication Page
  6. Contents at a glance
  7. Contents
  8. Acknowledgments
  9. About the Authors
  10. Foreword
  11. Introduction
    1. Organization of this book
    2. Who should read this book
    3. Conventions and features in this book
    4. System requirements
    5. GitHub Repo
    6. Errata, updates, & book support
    7. Stay in touch
  12. Part I: Security principles
    1. Chapter 1. Secure development lifecycle processes
      1. Developers are the number-one source of compromises
      2. Introducing the Microsoft Security Development Lifecycle
      3. SDL components
      4. SDL tasks by sprint
      5. The human element
      6. Summary
    2. Chapter 2. Secure design
      1. The cloud, DevOps, and security
      2. IaaS vs. PaaS vs. SaaS, and the shared responsibility
      3. Zero trust for developers
      4. Thinking about secure design
      5. Security design principles applied to Azure
      6. Summary
    3. Chapter 3. Security patterns
      1. What is a pattern?
      2. Our take on Azure security patterns
      3. Authentication pattern
      4. Authorization patterns
      5. Secrets management patterns
      6. Sensitive information management patterns
      7. Availability pattern
      8. Summary
    4. Chapter 4. Threat modeling
      1. TL;DR
      2. What is threat modeling?
      3. The four main phases of threat modeling
      4. STRIDE’s threat-classification approach
      5. The trouble with threat modeling
      6. Searching for a better threat modeling process
      7. A better way to perform threat modeling: The five factors
      8. Threat-modeling tools
      9. How to threat model: A real-life example
      10. Summary
    5. Chapter 5. Identity, authentication, and authorization
      1. Identity, authentication, and authorization through a security lens
      2. Authentication vs. authorization vs. identity
      3. Modern identity and access management
      4. Identity: OpenID Connect and OAuth2 fundamentals
      5. Authentication
      6. Authorization
      7. Summary
    6. Chapter 6. Monitoring and auditing
      1. Monitoring, auditing, logging, oh my!
      2. Leveraging the Azure platform
      3. The need for intentional security monitoring and auditing
      4. Summary
    7. Chapter 7. Governance
      1. Governance and the developer
      2. Azure Security Benchmark version 3
      3. Governance enforcement
      4. Microsoft Defender for Cloud
      5. Azure Policy
      6. Summary
    8. Chapter 8. Compliance and risk programs
      1. Something important to get out of way
      2. What is compliance?
      3. Using threat models to drive compliance artifacts
      4. Summary
  13. Part II: Secure implementation
    1. Chapter 9. Secure coding
      1. Insecure code
      2. Rule #1: All input is evil
      3. Verify explicitly
      4. Common vulnerabilities
      5. Comments about using C++
      6. Security code review
      7. Keeping developers honest with fuzz testing
      8. Summary
    2. Chapter 10. Cryptography in Azure
      1. A truth about security
      2. Securing keys
      3. Cryptographic agility
      4. The Microsoft Data Encryption SDK
      5. Azure services and cryptography
      6. Key rotation
      7. Protecting data in transit
      8. Summary
    3. Chapter 11. Confidential computing
      1. What is confidential computing?
      2. Confidential computing processors
      3. Azure Services that use confidential computing
      4. Summary
    4. Chapter 12. Container security
      1. What are containers?
      2. Container-related services on Azure
      3. Problems with containers
      4. Securing container services
      5. Summary
    5. Chapter 13. Database security
      1. Why database security?
      2. Which databases?
      3. Thinking about database security
      4. The SQL Server Family
      5. Security in the SQL Server family
      6. Cosmos DB security
      7. Encryption of data in use: Always Encrypted
      8. SQL injection
      9. Summary
    6. Chapter 14. CI/CD security
      1. What is CI/CD?
      2. CI/CD tools
      3. Source control systems and supply chain attacks
      4. Secrets and service connections
      5. Protecting the main branch in Azure DevOps and GitHub
      6. Protecting the PROD deployment in Azure DevOps and GitHub
      7. Securing deployment agents
      8. Summary
    7. Chapter 15. Network security
      1. Azure networking primer
      2. Landing zones, hubs, and spokes
      3. NVAs and gateways
      4. PaaS and private networking
      5. Azure Kubernetes Service networking
      6. The dangling DNS problem
      7. Summary
  14. Appendix A. Core cryptographic techniques
    1. Why this appendix?
    2. Thinking about cryptography
    3. Symmetric ciphers
    4. Asymmetric ciphers
    5. Hashes
    6. Message authentication codes
    7. Digital signatures
    8. Certificates
    9. Key derivation
    10. Cryptographic vulnerabilities
  15. Index
  16. Code Snippets

Product information

  • Title: Designing and Developing Secure Azure Solutions
  • Author(s): Michael Howard, Simone Curzi, Heinrich Gantenbein
  • Release date: November 2022
  • Publisher(s): Microsoft Press
  • ISBN: 9780137908790