Dana EppFeb 21 minAzure Fundamental for Ethical Hackers and Special Ops TeamFellow MVP and ethical hacker Nino Crudele has released an awesome free whitepaper on the Azure Fundamental for Ethical Hackers and Speci...
Dana EppSep 4, 20191 minAzure Security Center for IoT goes GACan't believe I missed this, but Azure Security Center for IoT went GA recently. If you aren't aware of what it is, Azure Security Center...
Dana EppAug 15, 20191 minGetting started with Microsoft Security Risk DetectionMicrosoft Security Risk Detection (MSRD) is a Dynamic Security Application Testing (DAST) solution that makes it possible to do fuzzing a...
Dana EppApr 24, 20191 minThe complete guide to PowerShell punctuationI was attending an Azure PowerShell deep dive training event this week, and someone pointed to an awesome poster published by RedGate tha...
Dana EppMar 29, 20191 minHoly cow, STRIDE is now 20 years old! Long live STRIDE.The invention of STRIDE was the key inflection point in the development of threat modeling from art to engineering practice. I saw an art...
Dana EppDec 29, 20181 minHow to secure your Azure Functions serverless platformMicrosoft has published a whitepaper that explores the security of the Microsoft serverless platform and the benefits of using the server...
Dana EppNov 7, 20181 minJoin me in a community launch party for Azure DevOps @ Microsoft!Celebrate the launch of Azure DevOps with us here in Vancouver! Spend an afternoon following a fictitious but practical real world exampl...
Dana EppOct 10, 20181 minBaking security in with the Secure DevOps for Azure KitOne of the cool things I see coming out of Microsoft these days is the investment in educating everyone on how to bake security in. Not j...
Dana EppJul 30, 20181 minNIST SP 800-171, Azure Security and YouMicrosoft has released the Azure Security and Compliance Blueprint for NIST SP 800-171. This Azure Security and Compliance Blueprint prov...
Dana EppMay 18, 20181 minUsing Azure AD Easy Auth with AngularOne of the cool things about Azure AD is how easy they make it to act as an Identity Provider (IdP) for your app services in Azure. One o...
Dana EppFeb 3, 20182 minHow Microsoft is helping you NOT screw up your Azure Secrets on GitHubOK, so you are building this awesome cloud application and running it on Azure. You are doing a great job of using source control and the...
Dana EppJan 16, 20181 minHow large scale datasets makes it easier to reveal threats in the cloudI was thinking about my post last week on how cool the threat intelligence dashboard in the Azure Security Center (ASC) was so cool, rend...
Dana EppDec 1, 20171 minUnderstanding and evaluating risk to information assets in your software projectsI was going through some of my old blog posts and came across an old presentation I did on understanding risk to data in software project...
Dana EppOct 6, 20171 minThreat modeling your Azure PaaS applicationI recently stumbled across an interesting article in the Azure Security documentation on building PCI compliant Payment Processing enviro...
Dana EppSep 22, 20171 minKeep credentials out of code: Introducing Azure AD Managed Service IdentityI've been waiting for this to go public. Last week Microsoft announced the preview of Azure Active Directory Managed Service Identity (MS...
Dana EppAug 31, 20171 minMicrosoft introduces more secure defaults for Azure StorageNow this I like to see! Microsoft has announced that going forward by default encryption will now be turned on for Azure Blobs, Files, Ta...
Dana EppJul 25, 20171 minAI for security: Microsoft Security Risk Detection makes debutThis is why I love the Microsoft Cloud. Microsoft has released a cloud service that uses artificial intelligence to track down bugs in so...
Dana EppJun 14, 20179 minShattering the crystal and poking holes in the black boxLet's shatter the crystal and poke holes in the black box. There has been some banter online which is focused on detailing if Open Source...
Dana EppMay 25, 20172 minCoding Tip: Why you should always use well known SIDs over usernames for security groupsSo have you ever tried to restrict access to your applications in a way so that you can maintain least privilege? I do. All the time. And...
Dana EppMar 22, 20172 minBSIMM: Maturing the process of Building Security In - Almost 10 years laterAlthough software security is still in its infancy, there are several methodologies like Microsoft SDL, OWASP CLASP and Cigital Touchpoin...
