Join Lana as she shows us how to start with SecDevOps for Azure Functions and APIM in Hybrid cloud architecture.

Cloud services offer more freedom and flexibility, but they create huge blind spots for IT security. Similarly, the popularity of serverless applications comes with its own challenges, and heavy usage of APIs and microservices architecture does not make security any simpler.

In this talk – How to mitigate modern security threats using APIM:

– Authorisation Key / Subscriptions

– Overview: what are subscriptions in Azure

– How to protect your subscription keys and not expose them to the whole development team? Keep the audience small

– Take advantage of the Segregation of Duties model

– Azure Key Vault as a tool to keep your secrets including subscription keys

– Remove technical information from the response

– Secure your backend using OAuth2/JWT (JSON Web Tokens). Extract JWT claims in an Azure API Management policy

– Pipelines as code – why should everything be source controlled, with no manual changes made in the Azure Portal?

– Certificates on APIM

– In a hybrid architecture, connect on-premises APIs to cloud services by creating a façade that lets you safely integrate on-premises and cloud environments

– Do not allow Azure Functions to be called directly – only via APIM

– Log all calls to APIM and send them down to Azure Monitor as a consolidated place

– Firewalls/WAF

– Incident response procedure

– Use 3rd party tools to tighten security in Azure – such as Netskope

 


Created by SSW TV | Videos By Developers, For Developers

About the speakers

Lana Vyshnivetska

https://www.linkedin.com/in/svitlana-vyshnivetska-4ba4ba10/

Lana spent her professional life building enterprise-level software applications. With 20+ years of experience in software development and IT, she is experienced in the software development lifecycle, architecture, SecDevOps, cloud and people management.
