Live online training

Application security in Azure

Protect your applications in the cloud

Topic: Web Ops & Performance
Reza Salehi

If your company plans to migrate its mission-critical web applications to Microsoft Azure, you need to make sure the application code and data are as secure as they can be. But where do you start? How, for instance, will you secure the credentials in the code or protect against common web attacks such as SQL injection and XSS?

Join expert Reza Salehi to learn how to use out-of-the-box Azure features to improve the security of your web application code and data. You’ll discover how to protect your web applications against common attacks using Azure Web Application Firewall (WAF); achieve credential-free code using Azure Key Vault and managed identity services (MSI); and control network traffic using network security groups (NSGs).

What you'll learn, and how you can apply it

By the end of this live, hands-on, online course, you’ll understand:

  • How to secure data in transit with Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
  • How to achieve credential-free code
  • How to secure virtual machines in a virtual network (VN)
  • How to secure app services with WAF

And you’ll be able to:

  • Protect communication to your Azure App Service apps with SSL and TLS
  • Achieve credential-free code using Azure Key Vault and MSI
  • Control inbound and outbound virtual machine (VM) traffic with NSGs and application security groups (ASGs)
  • Protect your Azure App Service apps from common attacks using Azure WAF

This training course is for you because...

  • You have applications deployed to the Microsoft Azure cloud.
  • You’re a software developer, engineer, or technical architect.
  • Application security is your concern.


Prerequisites

  • Familiarity with the Azure Portal and one modern programming language (you’ll use C# in this course)
  • A basic understanding of application development, SSL, TLS, and networking
  • An Azure subscription (useful but not required; you can create an Azure free account, which includes a $200 credit to spend on any Azure product in the first 30 days and 12 months of access to selected Free Tier services)

About your instructor

  • Reza Salehi is a Microsoft Certified Trainer (MCT). Reza helps his clients move to Azure and AWS clouds while sharing his expertise with fellow developers and engineers through training. He’s passionate about teaching and has delivered in-class, remote, and on-demand courses. He started professional application development with classic ASP, PHP, Adobe Flash, and ActionScript; over his career he’s mostly focused on Microsoft technologies, including the ASP.NET Web API, .NET Core, SQL Server, and the Azure cloud.


The timeframes are only estimates and may vary according to how the class is progressing.

Azure Key Vault, managed identities, and SSL (55 minutes)

  • Lecture: Azure services, SSL, and TLS (securing data in transit); credential-free code with Azure Key Vault and MSI (removing secrets and keys from your code base); configuring SSL for an Azure App Service; working with Azure Key Vault and MSI
  • Group discussion: SSL, Azure Key Vault, and MSI
  • Hands-on exercise: Use Azure Key Vault
  • Q&A
  • Break (5 minutes)

Securing VMs using NSGs and ASGs (55 minutes)

  • Lecture: Azure VMs and their placement in a VN; securing your VN with NSGs and ASGs; provisioning an Azure VM inside a VN; configuring NSGs and ASGs for your VN
  • Group discussion: Azure VMs and NSGs
  • Hands-on exercise: Configure NSGs for a VN
  • Q&A
  • Break (5 minutes)

Azure WAF (50 minutes)

  • Lecture: Common web attacks overview (SQL injection, cross-site scripting, bots, crawlers, scanners, etc.); WAF with Application Gateway and Azure Front Door; configuring Azure WAF for Azure Application Gateway and Azure Front Door
  • Group discussion: Azure WAF
  • Hands-on exercise: Configuring Azure WAF for Azure Application Gateway

Wrap-up and Q&A (10 minutes)