Join Lana as she shows us how to get started with SecDevOps for Azure Functions and APIM in a hybrid cloud architecture.

Cloud services offer more freedom and flexibility, but they create huge blind spots for IT security. Similarly, the popularity of serverless applications brings its own challenges, and combining them with heavy use of APIs and a microservices architecture does not make security any simpler.

In this talk: how to mitigate modern security threats using APIM.

– Authorisation keys / subscriptions

– Overview: what are subscriptions in Azure?

– How to protect your subscription keys without exposing them to the whole development team: keep the audience small

– Take advantage of the Segregation of Duties model

– Azure Key Vault as the tool for keeping your secrets, including subscription keys

– Remove technical information from responses

– Secure your backend using OAuth2/JWT (JSON Web Tokens); extract JWT claims in an Azure API Management policy

– Pipelines as code: why everything should be source controlled and no manual changes should be made in the Azure Portal

– Certificates on APIM

– In a hybrid architecture, connect on-premises APIs to cloud services by creating a façade that lets you safely integrate on-premises and cloud environments

– Do not allow Azure Functions to be called directly; only via APIM

– Log all calls to APIM and forward them to Azure Monitor as a consolidated place

– Firewalls/WAF

– Incident response procedure

– Use third-party tools, such as Netskope, to tighten security in Azure


Created by SSW TV | Videos By Developers, For Developers

About the speakers

Lana Vyshnivetska

https://www.linkedin.com/in/svitlana-vyshnivetska-4ba4ba10/

Lana has spent her professional life building enterprise-level software applications. With 20+ years of experience in software development and IT, she is experienced in the software development lifecycle, architecture, SecDevOps, cloud and people management.
