Join Lana as she shows us how to get started with SecDevOps for Azure Functions and APIM in a hybrid cloud architecture.

Cloud services offer more freedom and flexibility, but they create huge blind spots for IT security. Similarly, the popularity of serverless applications comes with its own challenges, and heavy usage of APIs and microservices architecture does not make security any simpler.

In this talk – How to mitigate modern security threats using APIM:

– Authorisation Key / Subscriptions

– Overview: what are subscriptions in Azure

– How to protect your Subscription Keys and not expose them to the whole development team? Keep the audience small

– Take advantage of the Segregation of Duties model

– Azure Key Vault as a tool to keep your secrets including subscription keys

– Remove technical information from the response

– Secure your backend using OAuth2/JWT (JSON Web Tokens). Extract JWT claims in an Azure API Management policy

– Pipelines as code – why should everything be source controlled, and why should no manual changes be made in the Azure Portal?

– Certificates on APIM

– In hybrid architecture connect on-premises APIs to cloud services by creating a façade that lets you safely integrate on-premises and cloud environments

– Do not allow Azure Functions to be called directly – only via APIM

– Log all calls to APIM and send them down to Azure Monitor as a consolidated place

– Firewalls/WAF

– Incident response procedure

– Use 3rd party tools to tighten security in Azure – such as Netskope

 

Created by SSW TV | Videos By Developers, For Developers

About the speakers

Lana Vyshnivetska

https://www.linkedin.com/in/svitlana-vyshnivetska-4ba4ba10/

Lana spent her professional life building enterprise-level software applications. With 20+ years of experience in software development and IT, she is experienced in the software development lifecycle, architecture, SecDevOps, cloud and people management.
