Join Lana as she shows us how to start with SecDevOps for Azure Functions and APIM in Hybrid cloud architecture.

Cloud services offer more freedom and flexibility, but they create huge blind spots for IT security. Similarly, the popularity of serverless applications comes with its own challenges. Heavy usage of APIs and a microservices architecture does not make security any simpler.

In this talk – How to mitigate modern security threats using APIM:

– Authorisation Key / Subscriptions

– Overview: what are subscriptions in Azure

– How do you protect your subscription keys without exposing them to the whole development team? Keep the audience small

– Take advantage of the Segregation of Duties model

– Azure Key Vault as a tool to keep your secrets including subscription keys

– Remove technical information from the response

– Secure your backend using OAuth2/JWT (JSON Web Tokens). Extract JWT claims in an Azure API Management policy

– Pipelines as code – why should everything be source controlled, with no manual changes made in the Azure Portal?

– Certificates on APIM

– In a hybrid architecture, connect on-premises APIs to cloud services by creating a façade that lets you safely integrate on-premises and cloud environments

– Do not allow Azure Functions to be called directly – only via APIM

– Log all calls to APIM, down to Azure Monitor as a consolidated place

– Firewalls/WAF

– Incident response procedure

– Use third-party tools to tighten security in Azure, such as Netskope

 

Created by SSW TV | Videos By Developers, For Developers

About the speakers

Lana Vyshnivetska

https://www.linkedin.com/in/svitlana-vyshnivetska-4ba4ba10/

Lana has spent her professional life building enterprise-level software applications. With 20+ years of experience in software development and IT, she is experienced in the software development lifecycle, architecture, SecDevOps, cloud and people management.
