Eng Soon Cheah

Understand application security

Understand Azure application endpoints

  • Azure AD supports application integration
  • Integration requires registering an application in Azure AD, including:
    • Application type:
      • Native
      • Web app/API app
    • Sign-in URL (for web app/API apps)
    • Redirect URL (for native apps)

Understand Azure Web App for Containers
Primary characteristics of Azure Web App for Containers:
- Facilitates running Linux and Windows containers in the Web Apps feature of Azure App Service
- Provides Web App features for Docker-based workloads

Understand Application Insights

  • Primary characteristics of Application Insights:
    • Offers an extensible application performance monitoring (APM) service to web developers
    • Provides instrumentation and analytics
    • Collects telemetry data including performance counters, Azure diagnostics, and Docker logs
    • Supports a wide variety of development platforms
  • Application Insights operational model:
    • Developers set up an Application Insights resource in their Azure subscription
    • Developers configure Application Insights–specific instrumentation in their apps
    • Instrumentation collects app telemetry and sends it to the Application Insights resource
    • Developers can view and analyze information derived from telemetry data in the Azure portal

Understand API Management

  • Primary characteristics of APIM:
    • Facilitates publishing APIs to external, partner, and internal developers
    • Offers analytics, security, and authentication capabilities
  • APIM operational model:
    • APIM Administrator publishes APIs and offers their collections as products
    • APIM Administrator defines API usage policies
    • Developers subscribe to products
    • Developers call API operations
  • APIM components:
    • API gateway: the endpoint accepting API calls, routing them to APIM, enforcing usage policies, providing API protection, and handling logging
    • The Azure portal: the primary administrative interface for APIM
    • Developer portal: the primary interface for developers using APIM
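The usage and security policies the APIM administrator defines are expressed as XML attached to an API or product and enforced by the API gateway. The following inbound policy is an added example, not taken from the original post: it requires a valid Azure AD bearer token, caps call volume per subscription, and strips a backend header on the way out. The `{tenant-id}` and `{backend-app-id}` values are placeholders, and the call limits are constructed for the demo.

```xml
<policies>
  <inbound>
    <base />
    <!-- Authentication: reject any call that lacks a valid Azure AD bearer token -->
    <validate-jwt header-name="Authorization"
                  failed-validation-httpcode="401"
                  failed-validation-error-message="Unauthorized"
                  require-scheme="Bearer">
      <!-- Placeholder tenant id: signing keys are fetched from this metadata document -->
      <openid-config url="https://login.microsoftonline.com/{tenant-id}/v2.0/.well-known/openid-configuration" />
      <!-- Placeholder app ID URI: only tokens issued for this API are accepted -->
      <audiences>
        <audience>api://{backend-app-id}</audience>
      </audiences>
    </validate-jwt>
    <!-- Usage policy (constructed limits): 100 calls per minute per subscription ... -->
    <rate-limit calls="100" renewal-period="60" />
    <!-- ... and 10,000 calls per day per subscription -->
    <quota calls="10000" renewal-period="86400" />
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
    <!-- Do not reveal the backend platform to callers -->
    <set-header name="X-Powered-By" exists-action="delete" />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

Because the gateway evaluates `validate-jwt` before the request is routed, a missing or expired token never reaches the backend, and the rate and quota limits bound what a single leaked subscription key can do.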

Understand certificates

  • Primary characteristics of certificates:
    • Facilitate a wide range of cryptographic operations, such as:
      • Authentication
      • Encryption
    • Rely on signing to provide validation of a public key:
      • Signed by a CA (recommended)
      • Self-signed
  • Creating certificates by using Key Vault:
    • An admin for a CA provider creates credentials for use by the key vault to enroll and renew certificates
    • An app creates a key in a key vault
    • The key vault sends a signing request to a CA
    • CA responds to the request with a certificate
    • The app polls for certificate request completion
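The enrollment flow above can be reproduced locally to see what each party contributes. The script below is an added example, not code from the original post or from Azure: a throw-away OpenSSL root certificate stands in for the CA provider, the "vault" is a temporary directory, and the subject names are constructed. It generates a key, sends only a CSR to the CA, has the CA sign it, and then shows that a relying party which trusts the CA accepts the CA-signed certificate but rejects a self-signed one for the same name.

```shell
#!/bin/sh
# Added example: local stand-in for the Key Vault -> CA enrollment flow.
# Assumes the openssl CLI is installed; all names and paths are constructed.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # stands in for the key vault's storage

# Step 1 (CA provider): the CA holds its own key and self-signed root certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
    -subj "/CN=Demo Root CA" >/dev/null 2>&1
}

# Step 2 (app / key vault): generate the private key in the vault and build a
# certificate signing request (CSR). Only the CSR, which holds the public key,
# leaves the vault; the private key never does.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$WORK/app.key" -out "$WORK/app.csr" \
    -subj "/CN=app.contoso.example" >/dev/null 2>&1
}

# Step 3 (CA provider): sign the CSR, binding the public key to the subject name.
sign_csr() {
  openssl x509 -req -in "$WORK/app.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -days 30 -out "$WORK/app.crt" >/dev/null 2>&1
}

# Contrast case: a self-signed certificate using the same key and name.
make_self_signed() {
  openssl req -x509 -key "$WORK/app.key" -days 30 \
    -out "$WORK/app-selfsigned.crt" \
    -subj "/CN=app.contoso.example" >/dev/null 2>&1
}

# Step 4 (relying party): the public key is validated by checking the CA's
# signature over the certificate. Returns 0 only if the chain verifies.
verify_cert() {
  openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1
}

# Print which entity vouches for a certificate's public key.
issuer_of() {
  openssl x509 -in "$1" -noout -issuer
}

run_demo() {
  make_ca && make_csr && sign_csr && make_self_signed
  echo "CA-signed   issuer: $(issuer_of "$WORK/app.crt")"
  echo "self-signed issuer: $(issuer_of "$WORK/app-selfsigned.crt")"
  if verify_cert "$WORK/app.crt"; then
    echo "CA-signed certificate: trusted"
  else
    echo "CA-signed certificate: rejected"
  fi
  if verify_cert "$WORK/app-selfsigned.crt"; then
    echo "self-signed certificate: trusted"
  else
    echo "self-signed certificate: rejected (no CA signature to validate)"
  fi
}

run_demo
```

The separation of steps is the security property the post's flow relies on: the vault keeps the private key, the CA only ever sees the public key inside the CSR, and clients decide trust by verifying the CA's signature rather than by trusting whatever the server presents.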

Understand security considerations for application lifecycle management solutions
Microsoft Security Development Lifecycle (SDL) introduces security and privacy considerations throughout the whole development process:
- Provides training
- Defines security requirements
- Defines metrics and compliance reporting
- Performs threat modeling
- Establishes design requirements
- Defines and uses cryptography standards
- Manages security risks from using non-Microsoft components
- Uses approved tools
- Performs static analysis security testing
- Performs dynamic analysis security testing
- Performs penetration testing
- Establishes a standard incident response system
