Azure Logging/Auditing Series (1) – Activity Logs
Logging and auditing plays a critical role in the security and compliance strategy of any serious organization. Collecting detailed information on events that happened and changes made to resources is the foundation of areas like security monitoring and digital forensics and the Azure platform is not different in this respect. The Azure platform delivers multiple […]
Blind spot fixed! Azure AD new sign-in logs improvement
In a previous blog post on Securing Azure Service Bus, I highlighted the blind spot of not being able to audit sign in events when using Azure AD for Service Bus authentication. This is because the authentication is non-interactive and requires the sender or receiver of the brokered message to use either a service principal […]
Infrastructure as Code Security for Azure (Part 2) – ARM Template Test Toolkit (ARM-TTK)
In the first post of this series, I covered how to use the ARM Template Checker tool (part of the Secure DevOps Kit for Azure) to assess the security of Azure ARM templates in development and CICD stages of Azure IaC implementation. In this second post, I’ll be showing you how to use another FREE tool […]
Infrastructure as Code Security for Azure (Part 1) – Secure DevOps Kit for Azure (AzSK) ARM Template Checker
Infrastructure as code (IaC) is a core component of many modern DevOps adoption. It allows organizations to automate the deployment, scaling, and management of infrastructure, using machine-readable template files. It eliminates manual deployment, configuration, as well as the need to use ad-hoc imperative scripts to automate infrastructure changes. Instead, it allows infrastructure to be managed […]
Azure Blue Team Series: Securing Azure Service Bus
One of the major shifts in application development in recent times is the widespread adoption of microservice-based architecture (message driven or event driven computing). The benefits it offers over a traditional monolithic approach includes flexibility, resilience and scalability. But adopting microservices architecture often creates new risks of its own. The very characteristics that make microservices […]
What?!! Public Blob not allowed on this storage account?!
I was teaching an Azure developer course last week when one of the delegates had issues building some C# code that I tested a few days before. The error message “Public Blob not allowed on this storage account“. My first stop was to review Azure policy and see if there is an offending policy assigned. […]