Application Security in Azure
Protect your applications in the cloud
Your company is migrating its mission critical web applications to Microsoft Azure and you need to make sure the application code and data is as secure as it can be. Where would you start from? How would you secure the credentials in the code? How about protecting against common web attacks such as SQL injection and XSS?
In this course, you will use out-of-the-box Azure features to improve the security of your web application code and data. You will see how to use Azure WAF to protect your web applications against common attacks such as XSS and SQL injection. You will achieve credential-free code by using Azure Key Vault and Managed Identity services and finally you will control network traffic using NSGs (Network Security Groups).
What you'll learn-and how you can apply it
By the end of this live, hands-on, online course, you’ll understand:
- How to secure data in transit with SSL/TLS
- How to achieve credential-free code
- How to secure virtual machines in a Virtual Network
- How to secure app services with WAF (Web Application Firewall)
And you’ll be able to:
- Protect communication to your Azure App Services with SSL/TLS
- Achieve credential-free code using Azure Key Vault and Azure Managed Identities (MSI)
- Control inbound and outbound VM traffic with Network Security Groups (NSGs & ASGs)
- Protect your Azure App Service from common attacks using Azure WAF (Web Application Firewall)
This training course is for you because...
- You have applications deployed to the Microsoft Azure cloud.
- You’re a software developer, engineer or technical architect.
- Application security is your concern.
- Familiarity with the Azure Portal.
- Familiarity with one modern programming language. (We will use C#)
- Basic understanding of application development, SSL/TLS and networking.
- To follow along and take part in the course exercises (optional), you'll need an Azure subscription. You can create an Azure free account that gives you 30 days to spend $200 USD credit on any Azure product and 12 months of access to selected Free Tier services.
About your instructor
Reza Salehi is a Microsoft Certified Trainer (MCT). Reza helps his clients move to Azure and AWS clouds while sharing his expertise with fellow developers and engineers through training. He’s passionate about teaching and has delivered in-class, remote, and on-demand courses. He started professional application development with classic ASP, PHP, Adobe Flash, and ActionScript; over his career he’s mostly focused on Microsoft technologies, including the ASP.NET Web API, .NET Core, SQL Server, and the Azure cloud.
The timeframes are only estimates and may vary according to how the class is progressing
Azure Key Vault, Managed Identities and SSL (60 minutes)
- Presentation: Azure services and SSL/TLS (securing data in transit)
- Presentation: Credential-free code with Azure Key Vault and Managed Identities/MSI (remove secrets and keys from your codebase)
- Discussion: SSL, Azure Key Vault and MSI
- Demonstration: Configuring SSL for an Azure App Service
- Demonstration: Working with Azure Key Vault and Managed Identities (MSI)
- Exercise: Azure Key Vault in action
- Break (5 minutes)
Securing VMs using Network Security Groups (NSGs & ASGs) (60 minutes)
- Presentation: Understanding Azure Virtual Machines and their placement in a Virtual Network (VN)
- Presentation: Securing your VN with Network Security Groups & Application Security Groups
- Discussion: Azure VMs and NSGs
- Demonstration: Provisioning an Azure VM inside a VN
- Demonstration: Configuring NSGs and ASGs for our VN
- Exercise: Configuring NSGs for a VN
- Break (5 minutes)
Azure WAF (Web Application Firewall) (60 minutes)
- Presentation: Common web attacks overview (SQL-injection, cross-site scripting, bots, crawlers, and scanners, etc.)
- Presentation: Web Application Firewall (WAF) with Application Gateway and Azure Front Door
- Discussion: Azure WAF
- Demonstration: Configuring Azure WAF for Azure Application Gateway and Azure Front Door
- Exercise: Configuring Azure WAF for Azure Application Gateway
- Q&A and wrap up