Tanya Janca from the DevSlop team hosted a live Twitter Chat about how to secure web apps hosted in Azure Storage, with guests Burke Holland and Cecil Phillip! We made a video, check it out!
We chatted on the following questions:
- #Q1 How is a static site, hosted in Azure storage, different from a regular site hosted in a VM or App Service? What does this mean?
- #Q2 What, exactly, do we mean by a “static” site? When Burke (developer) says static he means X, but when Tanya (security) says it she means Y.
- #Q3 Can a website/web app hosted in Azure storage use a gateway like Azure Front Door? https://azure.microsoft.com/en-us/services/frontdoor/ What help does that provide? Is it enough?
- #Q4 How do we address security headers when hosting a website in Azure storage?
- #Q5 How can we protect our endpoints (meaning only the main URL can be used to access the app, no direct calls to APIs, the database, etc)?
- #Q6 Besides general security best practices, what other security practices should we take into account specifically when we host in a storage account?
- #Q7 What is 'CORS' and does it make your site secure?
- #Q8 Does the Cosmos DB API protect against injection attacks?
- #Q9 Does Vue protect against "stored XSS" attacks automatically? Is that enough?