2- Top 5 security items to consider before pushing to production

Azure Security Center

ASC threat protection across all services - on prem and in the cloud

  • provides recommendations
  • monitors
  • uses ML to detect and block malware
  • Detects incoming attacks and helps with the investigation
  • Just-in-time access for management ports (opened only when requested, for a limited time)

Activating Azure Security Center

Another choice in the Azure resources list.
Coverage - shows which subscriptions are monitored; if a subscription is not covered, you get a prompt to enable it
Free tier - only Azure resources
Standard tier - $15 per month per node
To disable, downgrade the tier

Inputs and Outputs

Why do we need to validate our input?

SQL injection attacks

When do I need to validate input?

Always. Never trust the user: validate every time data crosses a trust boundary (form fields, query strings, headers, cookies, API bodies).

Always use parameterized queries

Use @parameters or a stored procedure; never build SQL statements by concatenating user input. A stored procedure only helps if it does not itself build dynamic SQL from its arguments.
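The notes say to use parameters instead of building SQL. The following is an added example, not from the original notes or the course; it uses Python's standard sqlite3 driver with a constructed in-memory users table to show the same injection succeeding against a concatenated query and failing against a parameterized one. The table contents and the payload are made up for the demo.

```python
import sqlite3

# Constructed demo data: two users in an in-memory database (not real data).
SEED_USERS = [("alice", "hash-a"), ("bob", "hash-b")]

# A classic login-bypass payload: closes the string and appends a tautology.
MALICIOUS_USERNAME = "x' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Create the in-memory table used by the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)", SEED_USERS
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """VULNERABLE: the SQL text is assembled from user input."""
    sql = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """SAFE: the statement is fixed; the driver passes the value separately,
    so the input is always treated as data, never as SQL."""
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> tuple:
    """Returns (rows from the unsafe query, rows from the safe query)
    for the malicious username."""
    conn = make_db()
    unsafe_rows = find_user_unsafe(conn, MALICIOUS_USERNAME)  # every user comes back
    safe_rows = find_user_safe(conn, MALICIOUS_USERNAME)      # no such user: no rows
    return len(unsafe_rows), len(safe_rows)


if __name__ == "__main__":
    print("unsafe rows: %d, safe rows: %d" % demo())
```

The same distinction holds for SqlCommand in .NET: `cmd.Parameters.AddWithValue("@username", name)` with a fixed command text is the parameterized form; string-interpolating the value into `CommandText` is the concatenated form, whatever the database engine.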

Always encode your output for the context it lands in (HTML body, HTML attribute, JavaScript, URL)

This is the defence against XSS attacks: untrusted data rendered into a page must never be interpreted as markup or script.
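To make the "encode your output" point concrete, here is an added example (not part of the original notes) using only Python's standard library. It renders a constructed XSS payload unencoded, then encoded for three different contexts, because the right encoding depends on where the value ends up: an HTML body, a quoted attribute, or a URL query string. The payload strings and the markup templates are made up for the demo.

```python
import html
from urllib.parse import quote

# Constructed payloads (demo input, not captured from any real site).
BODY_PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = '" onmouseover="alert(1)'
URL_PAYLOAD = "a&b=c"


def render_unsafe(name: str) -> str:
    """VULNERABLE: untrusted input is dropped straight into the HTML body."""
    return f"<p>Hello, {name}</p>"


def render_body_encoded(name: str) -> str:
    """HTML body context: <, > and & must become entities."""
    return f"<p>Hello, {html.escape(name, quote=False)}</p>"


def render_attr_encoded(value: str) -> str:
    """HTML attribute context: the attribute must be quoted AND the quote
    characters encoded, or the payload breaks out and adds an event handler."""
    return f'<input value="{html.escape(value, quote=True)}">'


def render_url_param(value: str) -> str:
    """URL query context: percent-encode so & and = cannot add parameters.
    The href is then also safe to place inside a quoted attribute."""
    return f'<a href="/search?q={quote(value, safe="")}">search</a>'


def looks_injected(fragment: str) -> bool:
    """Crude demo check: does the rendered fragment contain a live <script>
    tag or an unencoded event-handler attribute?"""
    lowered = fragment.lower()
    return "<script" in lowered or 'onmouseover="' in lowered


if __name__ == "__main__":
    for f in (render_unsafe, render_body_encoded):
        out = f(BODY_PAYLOAD)
        print(f"{f.__name__:22} injected={looks_injected(out)}  {out}")
    out = render_attr_encoded(ATTR_PAYLOAD)
    print(f"{'render_attr_encoded':22} injected={looks_injected(out)}  {out}")
    print(render_url_param(URL_PAYLOAD))
```

Razor's `@` syntax and `HttpUtility.HtmlEncode` do the HTML-body encoding for you in ASP.NET; the point of the example is that body encoding alone does not cover attribute or URL positions, which is where hand-built markup usually goes wrong.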

Secrets in Key Vault

What is Azure Key Vault

see previous notes

Why use a Key Vault for my secrets

One centralized place for secrets, with access and activity logging; apps fetch secrets at runtime instead of carrying them in config files or source control.

Framework Updates

Choose your framework carefully

Pick one that is actively maintained and ships fixes promptly when security issues are found.

Keep your framework updated

Apply patches regularly; an unpatched framework carries every vulnerability fixed since the version you run.

How do I update my framework?

Depends on the framework.
For NuGet: Update-Package in the Package Manager Console, or `dotnet add package <name>` from the .NET CLI; `dotnet list package --outdated` shows what needs updating.

Take advantage of built-in security

Identity and authentication (IAM), Data Protection APIs - use the framework's own implementations rather than writing your own.

Azure Security Center

Will warn you about things that are out of date.

Safe Dependencies

Keep an eye on the dependencies you bring into an app; each one is code you ship and are responsible for.

Track known security vulnerabilities

MITRE is a non-profit organization that maintains the Common Vulnerabilities and Exposures (CVE) list

How to verify if you have known vulnerabilities in your third-party components

Automate it.
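As an added example of what "automate it" can look like (this is not code from the original notes or the course), the script below reads the PackageReference entries out of a constructed .csproj file and compares them against a constructed advisory list. The project file, package names, advisory ids and version ranges are all hypothetical and exist only for the demo; a real pipeline would pull advisories from a maintained feed instead of an inline list, but the matching logic is the same.

```python
import xml.etree.ElementTree as ET

# Constructed sample project file (hypothetical packages, not a real project).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk.Web">
  <ItemGroup>
    <PackageReference Include="Example.Json" Version="12.0.1" />
    <PackageReference Include="Example.Logging" Version="3.2.0" />
    <PackageReference Include="Example.Crypto" Version="1.4.9" />
  </ItemGroup>
</Project>"""

# Constructed advisory feed. Ids and packages are made up, not real CVEs.
# "introduced" defaults to 0; a version is affected if introduced <= v < fixed_in.
ADVISORIES = [
    {"id": "EXAMPLE-2024-0001", "package": "Example.Json", "fixed_in": "12.0.3"},
    {"id": "EXAMPLE-2024-0002", "package": "Example.Crypto", "fixed_in": "1.4.9"},
    {"id": "EXAMPLE-2024-0003", "package": "Example.Crypto",
     "introduced": "1.0.0", "fixed_in": "2.0.0"},
]


def parse_version(version: str) -> tuple:
    """Numeric dotted versions only; a prerelease suffix is stripped
    ("1.2.0-beta" -> (1, 2, 0)). Good enough for the demo, not a full SemVer parser."""
    core = version.split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def package_references(csproj_xml: str) -> dict:
    """Map package name -> version string for every PackageReference.
    Handles both the Version attribute and a nested <Version> element."""
    root = ET.fromstring(csproj_xml)
    refs = {}
    for ref in root.iter("PackageReference"):
        name = ref.get("Include")
        version = ref.get("Version") or (ref.findtext("Version") or "")
        if name and version:
            refs[name] = version
    return refs


def is_affected(installed: str, advisory: dict) -> bool:
    """True if the installed version falls inside the advisory's range."""
    v = parse_version(installed)
    lo = parse_version(advisory.get("introduced", "0"))
    hi = parse_version(advisory["fixed_in"])
    return lo <= v < hi


def find_vulnerable(refs: dict, advisories: list) -> list:
    """Return (package, installed, advisory id, fixed_in) for every match."""
    findings = []
    for adv in advisories:
        installed = refs.get(adv["package"])
        if installed and is_affected(installed, adv):
            findings.append((adv["package"], installed, adv["id"], adv["fixed_in"]))
    return findings


def scan(csproj_xml: str = SAMPLE_CSPROJ, advisories: list = ADVISORIES) -> int:
    """CI entry point: print findings, return non-zero so the build fails."""
    findings = find_vulnerable(package_references(csproj_xml), advisories)
    for package, installed, adv_id, fixed_in in findings:
        print(f"{package} {installed}: {adv_id}, fixed in {fixed_in}")
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(scan())
```

Wire `scan()` (or the equivalent) into the build so a vulnerable reference fails the pipeline rather than relying on someone remembering to check. Note the boundary in the demo: Example.Crypto 1.4.9 is exactly the fixed version for the second advisory, so it is not flagged for it, but it is still flagged by the third advisory's wider range.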
