This document discusses strategies for securing cloud resources and applications from various types of attacks. It outlines five hypothetical "strikes" or attack scenarios and the corresponding mitigation and remediation steps. These include protecting resources with infrastructure as code, role-based access control, monitoring, private endpoints, and key management. The document concludes with a recap of seven golden rules for security and an overview of Microsoft's physical and virtual security controls for the Azure cloud platform.
How do you protect a hybrid PaaS-IaaS solution, built entirely in the cloud? (Lorenzo Barbieri)
Security can be applied at various levels. We’ll see the adventure of two friends building a web solution, but one of them is trying to sabotage from the inside. We’ll see if the loyal friend will succeed in protecting all the work, and how the solution should evolve to be more secure!
How do you protect a hybrid PaaS-IaaS solution, built entirely in the cloud
1. [Title slide]
2. EVERYTHING STARTS WITH A "GOOD" ARCHITECTURE
[Architecture diagram: Web UI, Users, Photos URLs, RAW Photos, Thumbnails, Watermarking, Photo resize; one resource group (RG) each for Dev-Test and Production]
3. 1ST STRIKE
The case of disappearing resources
Attack one! Destroy 'em all!
[Architecture diagram as on slide 2]
4. MITIGATION
Infrastructure as Code:
• Script & backup everything
• ARM & Azure Policy
PaaS safeguards:
o Azure Web App Undelete
o SQL Point-in-time restore
o Blob Storage restore
Azure DevOps or GitHub
[Architecture diagram as on slide 2]
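As an added example that is not part of Lorenzo Barbieri's deck, here is what the slide-4 mitigations look like as infrastructure as code. It is written in Bicep (which compiles to the ARM JSON the slide refers to) and assumes a resource group that already holds the SQL server and database named in the parameters; the resource names, the 14-day retention windows and the policy definition id are illustrative choices, not values from the deck.

```bicep
// Added example (Bicep, compiles to ARM). Deployed at resource-group scope.
param location string = resourceGroup().location
param storageName string          // assumed: name of the RAW Photos storage account to create
param sqlServerName string        // assumed: existing Azure SQL logical server
param dbName string               // assumed: existing database on that server
param policyDefinitionId string   // assumed: id of the Azure Policy definition to enforce here

// 1. Resource lock: even an Owner has to remove the lock (an audited Activity Log event)
//    before anything in this resource group can be deleted.
resource noDelete 'Microsoft.Authorization/locks@2020-05-01' = {
  name: 'no-delete'
  properties: {
    level: 'CanNotDelete'
    notes: 'Production resources: remove this lock explicitly before deleting anything'
  }
}

// 2. Blob Storage restore: soft delete for blobs and containers plus versioning, so a
//    "destroy 'em all" on the photo containers is recoverable for 14 days.
resource photos 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: storageName
  location: location
  kind: 'StorageV2'
  sku: { name: 'Standard_GRS' }
  properties: {
    allowBlobPublicAccess: false
    minimumTlsVersion: 'TLS1_2'
    supportsHttpsTrafficOnly: true
  }
}

resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' = {
  parent: photos
  name: 'default'
  properties: {
    deleteRetentionPolicy: { enabled: true, days: 14 }
    containerDeleteRetentionPolicy: { enabled: true, days: 14 }
    isVersioningEnabled: true
  }
}

// 3. SQL point-in-time restore is always on; this widens the short-term backup
//    retention from the 7-day default to 14 days.
resource sqlServer 'Microsoft.Sql/servers@2021-11-01' existing = {
  name: sqlServerName
}

resource db 'Microsoft.Sql/servers/databases@2021-11-01' existing = {
  parent: sqlServer
  name: dbName
}

resource pitr 'Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies@2021-11-01' = {
  parent: db
  name: 'default'
  properties: { retentionDays: 14 }
}

// 4. Azure Policy: assign a definition to this resource group so that resources created
//    outside the template (by a saboteur, or by a tired admin) still have to comply.
resource guardrails 'Microsoft.Authorization/policyAssignments@2022-06-01' = {
  name: 'photo-app-guardrails'
  properties: {
    displayName: 'Guardrails for the photo app resource group'
    policyDefinitionId: policyDefinitionId
    enforcementMode: 'Default'
  }
}
```

The template itself lives in the Azure DevOps or GitHub repository the slide mentions and is applied with `az deployment group create --resource-group <rg> --template-file main.bicep --parameters ...`, so redeploying it is the recovery path for anything the lock did not cover. Web App undelete is an operation rather than a setting: `az webapp deleted list` shows what can still be brought back and `az webapp deleted restore` does it, as long as the platform's retention window has not expired.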
6. 2ND STRIKE
The case of unexpected load
Attack two…o…o…oooo! $$$
[Architecture diagram as on slide 2]
7. MITIGATION
o Alert rules and monitoring
o IP restrictions (e.g., in web.config) OR Private Endpoint
o Functions in App Service Plan
o GB-s (gigabyte-seconds) daily quota
o App Service Diagnostics
[Architecture diagram as on slide 2, with web.config added to the Web UI]
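Added example, not part of the deck: the slide-7 mitigations as Bicep. It hosts the Web UI and the image-processing Functions on one dedicated plan (a fixed bill, instead of a per-execution bill that a flood of uploads can inflate), enforces IP restrictions at the App Service front end (the platform-side equivalent of the web.config approach), and wires a request-rate alert to an action group. The plan SKU, the 203.0.113.0/24 allow-list, the thresholds and the names are illustrative assumptions; the storage connection string arrives as a secure parameter from the pipeline rather than from the repository.

```bicep
// Added example (Bicep). Bounds the cost and the blast radius of an unexpected load.
param location string = resourceGroup().location
param webAppName string
param functionAppName string
param alertEmail string                         // assumed: on-call mailbox
param officeCidr string = '203.0.113.0/24'      // assumed: the only network allowed to reach the Web UI
@secure()
param storageConnectionString string            // supplied by the pipeline, never committed (see strike 4)

// One dedicated plan for both apps: the Functions bill is now the plan's fixed price,
// not a per-execution charge that a flood of uploads can multiply.
resource plan 'Microsoft.Web/serverfarms@2022-03-01' = {
  name: 'photos-plan'
  location: location
  sku: { name: 'P1v3', tier: 'PremiumV3' }
}

resource web 'Microsoft.Web/sites@2022-03-01' = {
  name: webAppName
  location: location
  properties: {
    serverFarmId: plan.id
    httpsOnly: true
    siteConfig: {
      minTlsVersion: '1.2'
      ftpsState: 'Disabled'
      // Platform-side equivalent of <ipSecurity allowUnlisted="false"> in web.config:
      // the App Service front end drops the request before it reaches a worker.
      ipSecurityRestrictions: [
        { name: 'allow-office', ipAddress: officeCidr, action: 'Allow', priority: 100 }
        { name: 'deny-all', ipAddress: 'Any', action: 'Deny', priority: 2147483647 }
      ]
    }
  }
}

resource functions 'Microsoft.Web/sites@2022-03-01' = {
  name: functionAppName
  location: location
  kind: 'functionapp'
  properties: {
    serverFarmId: plan.id
    httpsOnly: true
    // On a Consumption (Y1) plan the cap would instead be the daily quota in GB-seconds:
    // dailyMemoryTimeQuota: 50000   // the app is disabled until the next day once it is used up
    siteConfig: {
      appSettings: [
        { name: 'FUNCTIONS_EXTENSION_VERSION', value: '~4' }
        { name: 'FUNCTIONS_WORKER_RUNTIME', value: 'dotnet-isolated' }
        { name: 'AzureWebJobsStorage', value: storageConnectionString }
      ]
    }
  }
}

// Alert rules and monitoring: page on-call when the request count over 15 minutes exceeds
// what the allow-listed users could plausibly generate.
resource onCall 'Microsoft.Insights/actionGroups@2022-06-01' = {
  name: 'photos-oncall'
  location: 'global'
  properties: {
    groupShortName: 'photosops'
    enabled: true
    emailReceivers: [
      { name: 'oncall-mail', emailAddress: alertEmail, useCommonAlertSchema: true }
    ]
  }
}

resource requestSpike 'Microsoft.Insights/metricAlerts@2018-03-01' = {
  name: 'photos-request-spike'
  location: 'global'
  properties: {
    description: 'Unexpected load on the Web UI'
    severity: 2
    enabled: true
    scopes: [ web.id ]
    evaluationFrequency: 'PT5M'
    windowSize: 'PT15M'
    criteria: {
      'odata.type': 'Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria'
      allOf: [
        {
          name: 'requests'
          metricNamespace: 'Microsoft.Web/sites'
          metricName: 'Requests'
          operator: 'GreaterThan'
          threshold: 50000
          timeAggregation: 'Total'
          criterionType: 'StaticThresholdCriterion'
        }
      ]
    }
    actions: [
      { actionGroupId: onCall.id }
    ]
  }
}
```

The metric alert catches the spike; the deck's App Service Diagnostics slide (23) is where to go once it fires. A Cost Management budget on the resource group (a `Microsoft.Consumption/budgets` resource, not shown here) is the complementary guard for the "$$$" part of the attack, since it alerts on money spent rather than on requests served.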
9. 3RD STRIKE
The case of data and storage loss
Attack three! I know your secrets!
[Architecture diagram as on slide 7]
10. MITIGATION
o Key rotation
o Least user privilege (DB)
o Alert
[Architecture diagram as on slide 7]
11. REMEDIATION
o SQL DB Firewall
o VNET Storage
o Private Endpoint
o Managed Service Identity
o Handle Disconnect
[Architecture diagram as on slide 7, with SQL DB Firewall added in front of the database]
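Added example, not from the deck: the slide-10 and slide-11 measures as Bicep. It assumes the Web UI app already exists (it is referenced, not created), that a VNet already has one subnet delegated to App Service with a Microsoft.Storage service endpoint and one subnet for private endpoints, and that an Azure AD group will administer the SQL server. Names, ranges and the choice of Azure AD-only SQL authentication are illustrative assumptions. The server firewall the slide starts with is the interim step; here the private endpoint replaces it, so public access is disabled outright, and because shared-key access on the storage account is turned off there is no storage key left to rotate or to steal.

```bicep
// Added example (Bicep). Puts the data tier behind the network and removes stored credentials.
param location string = resourceGroup().location
param webAppName string           // assumed: existing Web UI app, referenced below
param sqlServerName string        // assumed: SQL logical server to create
param storageName string          // assumed: RAW Photos storage account to create
param vnetId string               // assumed: existing VNet (resource id)
param appSubnetId string          // assumed: subnet delegated to Microsoft.Web/serverFarms, with a Microsoft.Storage service endpoint
param peSubnetId string           // assumed: subnet reserved for private endpoints
param aadAdminLogin string        // assumed: display name of the Azure AD group that administers SQL
param aadAdminObjectId string     // assumed: object id of that group

resource web 'Microsoft.Web/sites@2022-03-01' existing = {
  name: webAppName
}

// The web app's outbound traffic now originates from the VNet, so the rules below can admit it.
resource integration 'Microsoft.Web/sites/networkConfig@2022-03-01' = {
  parent: web
  name: 'virtualNetwork'
  properties: { subnetResourceId: appSubnetId, swiftSupported: true }
}

// VNET Storage: default deny, reachable only from the integration subnet. Shared-key access is
// off, so there is no storage key to rotate or to leak; the app uses its managed identity instead.
resource storage 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: storageName
  location: location
  kind: 'StorageV2'
  sku: { name: 'Standard_LRS' }
  properties: {
    allowBlobPublicAccess: false
    allowSharedKeyAccess: false
    minimumTlsVersion: 'TLS1_2'
    networkAcls: {
      defaultAction: 'Deny'
      bypass: 'AzureServices'
      virtualNetworkRules: [ { id: appSubnetId, action: 'Allow' } ]
    }
  }
}

// SQL: Azure AD-only authentication (no SQL login or password exists) and no public endpoint.
// With publicNetworkAccess disabled, the server firewall of the interim step is out of the picture.
resource sql 'Microsoft.Sql/servers@2021-11-01' = {
  name: sqlServerName
  location: location
  properties: {
    minimalTlsVersion: '1.2'
    publicNetworkAccess: 'Disabled'
    administrators: {
      administratorType: 'ActiveDirectory'
      azureADOnlyAuthentication: true
      principalType: 'Group'
      login: aadAdminLogin
      sid: aadAdminObjectId
      tenantId: subscription().tenantId
    }
  }
}

// Private Endpoint for SQL plus the private DNS zone that makes <server>.database.windows.net
// resolve to the endpoint's private IP from inside the VNet.
resource sqlZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: 'privatelink${environment().suffixes.sqlServerHostname}'
  location: 'global'
}

resource sqlZoneLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: sqlZone
  name: 'photos-vnet-link'
  location: 'global'
  properties: { virtualNetwork: { id: vnetId }, registrationEnabled: false }
}

resource sqlEndpoint 'Microsoft.Network/privateEndpoints@2022-07-01' = {
  name: '${sqlServerName}-pe'
  location: location
  properties: {
    subnet: { id: peSubnetId }
    privateLinkServiceConnections: [
      { name: 'sql', properties: { privateLinkServiceId: sql.id, groupIds: [ 'sqlServer' ] } }
    ]
  }
}

resource sqlEndpointDns 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2022-07-01' = {
  parent: sqlEndpoint
  name: 'default'
  properties: {
    privateDnsZoneConfigs: [ { name: 'sql', properties: { privateDnsZoneId: sqlZone.id } } ]
  }
}
```

Least privilege on the database side is done in T-SQL once the server is up, not in the template: `CREATE USER [<web app name>] FROM EXTERNAL PROVIDER;` followed by `ALTER ROLE db_datareader ADD MEMBER [<web app name>];` (and db_datawriter only where the app really writes), so the app's managed identity gets exactly the rights it needs and there is no password to rotate or leak. "Handle Disconnect" is application code: even behind a private endpoint, Azure SQL connections drop during failovers and maintenance, so the data layer should retry transient failures with backoff (EF Core's `EnableRetryOnFailure` or the configurable retry logic in Microsoft.Data.SqlClient) instead of surfacing every drop as an outage.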
12. 4TH STRIKE
The case of being Gitted
Fourth Attack! Keys from the octocat!
[Architecture diagram as on slide 11]
13. REMEDIATION
o Move all the keys to a secure path
o Use Azure Pipelines or GitHub Actions to set them before deployment
o Azure KeyVault
o Managed Service Identity
[Architecture diagram as on slide 11, with the key location marked "?"]
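Added example, not from the deck: slide 13 as Bicep. The web app gets a system-assigned managed identity, the secret is written to Key Vault from a @secure() parameter that Azure Pipelines or GitHub Actions supplies at deployment time (so it never appears in the repository), and the app reads it through a Key Vault reference in its app settings. Names, the plan id parameter and the connection string itself are assumptions; the role id is the built-in Key Vault Secrets User role.

```bicep
// Added example (Bicep). Nothing here contains a secret: the value arrives as a secure parameter.
param location string = resourceGroup().location
param webAppName string                 // assumed: Web UI app to create (or redeploy)
param planId string                     // assumed: resource id of an existing App Service plan
param keyVaultName string               // assumed: globally unique vault name
@secure()
param sqlConnectionString string        // set by the pipeline from its secret store, never committed

// Built-in role "Key Vault Secrets User": read secret contents, nothing else.
var secretsUserRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6')

resource web 'Microsoft.Web/sites@2022-03-01' = {
  name: webAppName
  location: location
  identity: { type: 'SystemAssigned' }     // Managed Service Identity: no client secret to manage
  properties: {
    serverFarmId: planId
    httpsOnly: true
    siteConfig: { minTlsVersion: '1.2', ftpsState: 'Disabled' }
  }
}

resource vault 'Microsoft.KeyVault/vaults@2022-07-01' = {
  name: keyVaultName
  location: location
  properties: {
    tenantId: subscription().tenantId
    sku: { family: 'A', name: 'standard' }
    enableRbacAuthorization: true      // access via Azure RBAC instead of vault access policies
    enableSoftDelete: true             // a deleted secret or vault can be recovered ...
    enablePurgeProtection: true        // ... and cannot be purged early, even by an admin
  }
}

resource sqlSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
  parent: vault
  name: 'photos-sql-connection'
  properties: { value: sqlConnectionString }
}

// Grant only this app's identity read access to secrets in this vault.
resource secretsAccess 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(vault.id, web.id, secretsUserRole)
  scope: vault
  properties: {
    roleDefinitionId: secretsUserRole
    principalId: web.identity.principalId
    principalType: 'ServicePrincipal'
  }
}

// App settings hold a *reference* to the secret; App Service resolves it with the managed
// identity, so neither the repository nor the app settings blade shows the connection string.
resource appSettings 'Microsoft.Web/sites/config@2022-03-01' = {
  parent: web
  name: 'appsettings'
  properties: {
    'ConnectionStrings__Photos': '@Microsoft.KeyVault(SecretUri=${sqlSecret.properties.secretUri})'
  }
  dependsOn: [ secretsAccess ]   // the identity must hold the role before the app first resolves the reference
}
```

Deploy it with the secret coming from the pipeline's secret store, for instance `az deployment group create -g <rg> -f keyvault.bicep -p sqlConnectionString="$SQL_CONNECTION"`, where SQL_CONNECTION is a GitHub Actions or Azure Pipelines secret variable. One caveat the slide implies but does not spell out: a key that has already been pushed to a repository is compromised the moment it lands there, so rotate it first and only then scrub the history; deleting the commit alone changes nothing for whoever already cloned it.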
14. 5TH STRIKE
The case of remote connections (>_ SSH)
Remote Attack!
[Architecture diagram as on slide 11, with an SSH connection shown]
15. MITIGATION
o Patching and security policies
o Azure Security Center: not only for VMs, it can also check networks, App Services, Blob Storage, SQL, etc.
[Architecture diagram as on slide 14]
16. REMEDIATION
o Network Security Groups
o VNET
o Private Endpoint
[Architecture diagram as on slide 14]
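Added example, not from the deck: the slide-15 and slide-16 measures for the IaaS part of the solution as Bicep. The Network Security Group admits SSH only from an assumed management range (203.0.113.0/24, a documentation prefix standing in for the admins' network) and denies it from the Internet, the VM accepts key-based SSH only, and patch assessment and installation are delegated to the platform. The VNet is assumed to exist; names, address ranges, image and size are illustrative.

```bicep
// Added example (Bicep). Locks down SSH to the VM that hosts the IaaS part of the solution.
param location string = resourceGroup().location
param vnetName string                          // assumed: existing VNet
param managementCidr string = '203.0.113.0/24' // assumed: the admins' network (documentation range)
param vmName string = 'photos-vm'
param adminUser string = 'azureuser'
param sshPublicKey string                      // public key only; no password ever leaves the pipeline

// Network Security Group: SSH from the management range, nothing from the Internet.
// Rules are evaluated by priority (lower first); anything not matched falls through to the
// default rules, which already deny inbound traffic from the Internet.
resource nsg 'Microsoft.Network/networkSecurityGroups@2022-07-01' = {
  name: '${vmName}-nsg'
  location: location
  properties: {
    securityRules: [
      {
        name: 'allow-ssh-from-management'
        properties: {
          priority: 100
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp'
          sourceAddressPrefix: managementCidr
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '22'
        }
      }
      {
        name: 'deny-ssh-from-internet'
        properties: {
          priority: 200
          direction: 'Inbound'
          access: 'Deny'
          protocol: 'Tcp'
          sourceAddressPrefix: 'Internet'
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '22'
        }
      }
    ]
  }
}

resource vnet 'Microsoft.Network/virtualNetworks@2022-07-01' existing = {
  name: vnetName
}

// The NSG is attached to the subnet, so every NIC placed here inherits it.
resource vmSubnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
  parent: vnet
  name: 'vm-subnet'
  properties: {
    addressPrefix: '10.10.3.0/24'
    networkSecurityGroup: { id: nsg.id }
  }
}

// No public IP: the VM is reachable only from inside the VNet (VPN, peering or Bastion).
resource nic 'Microsoft.Network/networkInterfaces@2022-07-01' = {
  name: '${vmName}-nic'
  location: location
  properties: {
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: { subnet: { id: vmSubnet.id }, privateIPAllocationMethod: 'Dynamic' }
      }
    ]
  }
}

resource vm 'Microsoft.Compute/virtualMachines@2022-11-01' = {
  name: vmName
  location: location
  properties: {
    hardwareProfile: { vmSize: 'Standard_B2s' }
    storageProfile: {
      imageReference: { publisher: 'Canonical', offer: '0001-com-ubuntu-server-jammy', sku: '22_04-lts-gen2', version: 'latest' }
      osDisk: { createOption: 'FromImage', managedDisk: { storageAccountType: 'Premium_LRS' } }
    }
    osProfile: {
      computerName: vmName
      adminUsername: adminUser
      linuxConfiguration: {
        disablePasswordAuthentication: true     // key-based SSH only: nothing to brute-force
        ssh: { publicKeys: [ { path: '/home/${adminUser}/.ssh/authorized_keys', keyData: sshPublicKey } ] }
        // Patching and security policies: the platform assesses and installs OS patches.
        patchSettings: { patchMode: 'AutomaticByPlatform', assessmentMode: 'AutomaticByPlatform' }
      }
    }
    networkProfile: { networkInterfaces: [ { id: nic.id } ] }
  }
}
```

Defender for Cloud (the slide's Azure Security Center) is enabled per subscription rather than in this template; with the NSG in place its recommendations for this VM shrink to what the rules above do not cover, and its just-in-time VM access can replace the standing allow rule with a time-boxed one opened on request. The Private Endpoint on slide 16 is the same resource already shown for slide 11.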
17. A BETTER ARCHITECTURE
[Architecture diagram: Web UI (with web.config), Users, Photos URLs, SQL DB Firewall, RAW Photos, Thumbnails, Watermarking, Photo resize; one RG each for Dev-Test and Production]
18. RECAP – THE 7 GOLDEN RULES
• Script everything
• Backup everything
• Least user privilege
• Trust no one
• Monitor everything
• Assume cloud failure
• Protect your secrets
20. PHYSICAL DATACENTER SECURITY
[Diagram of layered controls: Access approval, Perimeter, Building, Server environment]
Access approval: background check, system check
Perimeter: perimeter fencing, front entrance gate, 1 defined access point, no building signage, video coverage, 24x7x365 security operations, ongoing roaming patrols
Building: verified single-person entry, two-factor authentication with biometrics, employee & contractor vetting, metal detectors, video coverage, ongoing roaming patrols
Server environment: two-factor authentication with biometrics, video coverage of rack front & back, inability to identify the location of specific customer data, secure destruction bins, ongoing roaming patrols
21. PROTECT DATA AND COMMUNICATIONS
(Across virtual machines, applications, storage & databases)
Enable built-in encryption across resources:
o Azure Storage Service Encryption
o Azure Disk Encryption
o SQL TDE / Always Encrypted
Encrypt data while in use:
o Azure confidential computing
Use delegated access to storage objects:
o Shared Access Signature enables more granular access control
Use a key management system:
o Keep keys in a hardware HSM; don't store keys in apps or GitHub
o Use one Key Vault per security boundary / per app / per region
o Monitor and audit key usage; pipe the information into a SIEM for analysis and threat detection
o Use Key Vault to enroll and automatically renew certificates
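Added example, not from the deck: the "monitor and audit key usage" bullet of slide 21 as Bicep. It assumes a Key Vault such as the one from the slide-13 remediation already exists and sends its AuditEvent log (every secret or key operation, with caller identity and result) plus platform metrics to a Log Analytics workspace, which is where a SIEM such as Microsoft Sentinel reads them from. Workspace name and retention are assumptions.

```bicep
// Added example (Bicep): Key Vault audit trail into Log Analytics for SIEM analysis.
param location string = resourceGroup().location
param keyVaultName string                   // assumed: existing vault
param workspaceName string = 'photos-logs'  // assumed: workspace to create

resource vault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
  name: keyVaultName
}

resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: workspaceName
  location: location
  properties: {
    sku: { name: 'PerGB2018' }
    retentionInDays: 90
  }
}

// AuditEvent records each data-plane call: who, which secret or key, allowed or denied.
resource vaultAudit 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: 'audit-to-law'
  scope: vault
  properties: {
    workspaceId: workspace.id
    logs: [
      { category: 'AuditEvent', enabled: true }
    ]
    metrics: [
      { category: 'AllMetrics', enabled: true }
    ]
  }
}
```

A query over the resulting table, for example `AzureDiagnostics | where ResourceProvider == "MICROSOFT.KEYVAULT" and ResultSignature == "Forbidden"`, surfaces the denied reads that a stolen identity or a misassigned role produces; that is the detection side of "protect your secrets", and the same workspace is the place to alert on a sudden rise in successful reads of one secret.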
23. APP SERVICE DIAGNOSTICS
• An interactive and intelligent experience for self-troubleshooting your app issues
• What does that actually mean?
• 🔒 Diagnose and troubleshoot your app issues and learn about best practices
• 🎨 Use Genie to guide you through each problem category tile
• 📈 Intelligent search capabilities
• 🌏 Straight out of the box, no extra configuration necessary