Join Lana as she shows us how to start with SecDevOps for Azure Functions and APIM in Hybrid cloud architecture.

Cloud services offer more freedom and flexibility, but they create huge blind spots for IT security. Similarly, the popularity of serverless applications comes with their own challenges. Coupled with heavy usage of APIs and microservices architecture does not make security simpler.

In this talk – How to mitigate modern security threats using APIM:

– Authorisation Key / Subscriptions

– Overview: what are subscriptions in Azure

– How to protect your Subscription Keys and not expose them to the whole development team? Keep audience small

– take advantage of Segregation of Duties model

– Azure Key Vault as a tool to keep your secrets including subscription keys

– Remove technical information from the response

– Secure your backend using OAuth2/JWT (json web tokens). Extract JWT Claims in Azure API Management Policy

– Pipelines as a code – why should everything be source controlled and no manual changes should be made in Azure Portal?

– Certificates on APIM

– In hybrid architecture connect on-premises APIs to cloud services by creating a façade that lets you safely integrate on-premises and cloud environments

– Do not allow to call Azure Functions directly – only via APIM

– Logging all calls to APIM and down to Azure Monitor as a consolidated place

– Firewalls/WAF

– Incidents response procedure

– Use 3rd party tools to tighten security in Azure – such as Netskope

 

|| Subscribe for more content from SSW TV ||

|| Press like and leave a comment below to let us know how we’re doing ||

Twitter ↴ https://twitter.com/ssw_tv

Facebook ↴ https://www.facebook.com/SSW.page

See more videos at http://tv.ssw.com

For more information about SSW’s web application consulting services, please visit https://www.ssw.com.au/ssw/Consulting…

Created by SSW TV | Videos By Developers, For Developers

About the speakers

About the speakers

Lana Vyshnivetska

https://www.linkedin.com/in/svitlana-vyshnivetska-4ba4ba10/

Lana spent her professional life building software applications of enterprise level. With the 20+ years of experience in software development and IT, she is experienced in software development lifecycle, architecture, SecDevOps, cloud and people management.

Related videos

Related videos

Common Mistakes in EF Core with Jernej JK Kavka

JK will show you how to improve your EF Core statements as well as how various configurations impacts the performance and scalability of your application. You’ll be blown away at how small changes can significantly impact not only the performance but also stability of the application.

Speaking Up about Unfairness – with Adam Cogan and Jean Thirion

Adam has a fun chat with SSW Solution Architect Jean Thirion about speaking up in the workplace. This is an important topic to discuss with your employer to make sure you are being treated fairly amongst your co-workers. There are some riveting stories Adam and Jean bring up that demonstrate the importance of always speaking up.

Do you have playlists & custom thumbnails on your YouTube channel?

SSW Chief Architect Adam Cogan shows how to categorize your YouTube channel with playlists and custom thumbnails to maximize user engagement.

Do you use great email signatures?

SSW Chief Architect and Microsoft Regional Director Adam Cogan shows how to setup professional email signatures with a few clicks of a button using CodeTwo.

Get the most out of EF Core by avoiding these common mistakes

Do you know how to get the best performance from your EF Core projects? SSW Senior Software Architect Andreas Lengkeek speaks with SSW Solution Architect Jernej (JK) Kavka about common mistakes on EF Core projects and how to fix them.

Why developers should build their public profile

SSW Chief Architect and Microsoft Regional Director Adam Cogan gives a bootcamp to developers on why they should build their public profile.

Chewing The Fat Review – How ROI affects decision making

SSW Chief Architect Adam Cogan reviews Chewing The Fat feedback from the SSW team on Return on Investment (ROI) best practices. He is joined by SSW Solution Architect Jean Thirion.

Why you should be making the most of extending your AD

https://www.ssw.com.au/rules/extending-AD Do you know how to make the most of your active directory? SSW Chief Architect Adam Cogan talks with SSW Solution Architect Jean Thirion about how to take advantage of extending AD with Microsoft SharePoint. || Subscribe for more content from SSW TV || || Press like and leave a comment below to let…

Chewing The Fat Review – Allowing multiple options on forms

https://www.ssw.com.au/rules/allow-multiple-options SSW Chief Architect Adam Cogan and SSW Senior Software Architect Piers Sinclair review feedback from the SSW team about allowing multiple options on forms instead of making them choose a single option. || Subscribe for more content from SSW TV || || Press like and leave a comment below to let us know how…

Logging in .NET Core can save you hours when debugging

https://www.ssw.com.au/rules/best-trace-logging SSW Solution Architect JK is a battle scared logging in .NET Core veteran. He shows Andreas Lengkeek his best practices for logging, gathered through his years of experience. When setup correctly, logging can save you hours in those moments when your code don’t run as planned. So take some notes on these best practices…