Join Lana as she shows us how to get started with SecDevOps for Azure Functions and APIM in a hybrid cloud architecture.
Cloud services offer more freedom and flexibility, but they create huge blind spots for IT security. Similarly, the popularity of serverless applications comes with its own challenges. Heavy use of APIs and a microservices architecture does not make security any simpler.
In this talk – How to mitigate modern security threats using APIM:
– Authorisation Key / Subscriptions
– Overview: what are subscriptions in Azure
– How to protect your subscription keys and not expose them to the whole development team: keep the audience small
– Take advantage of the Segregation of Duties model
– Azure Key Vault as a tool to keep your secrets, including subscription keys
– Remove technical information from the response
– Secure your backend using OAuth2/JWT (JSON Web Tokens). Extract JWT claims in an Azure API Management policy
– Pipelines as code – why everything should be source controlled and no manual changes should be made in the Azure Portal
– Certificates on APIM
– In a hybrid architecture, connect on-premises APIs to cloud services by creating a façade that lets you safely integrate on-premises and cloud environments
– Do not allow Azure Functions to be called directly – only via APIM
– Logging all calls to APIM and sending them down to Azure Monitor as one consolidated place
– Incident response procedure
– Use 3rd party tools to tighten security in Azure – such as Netskope
Created by SSW TV | Videos By Developers, For Developers
About the speakers
Lana has spent her professional life building enterprise-level software applications. With 20+ years of experience in software development and IT, she is experienced in the software development lifecycle, architecture, SecDevOps, cloud and people management.