Azure Fundamental for Ethical Hackers and Special Ops Team
Fellow MVP and ethical hacker Nino Crudele has released an awesome free whitepaper on the Azure Fundamental for Ethical Hackers and...
Search
Azure Security Center for IoT goes GA
Can't believe I missed this, but Azure Security Center for IoT went GA recently. If you aren't aware of what it is, Azure Security Center...
Getting started with Microsoft Security Risk Detection
Microsoft Security Risk Detection (MSRD) is a Dynamic Security Application Testing (DAST) solution that makes it possible to do fuzzing...
The complete guide to PowerShell punctuation
I was attending an Azure PowerShell deep dive training event this week, and someone pointed to an awesome poster published by RedGate...
Holy cow, STRIDE is now 20 years old! Long live STRIDE.
The invention of STRIDE was the key inflection point in the development of threat modeling from art to engineering practice. I saw an...
How to secure your Azure Functions serverless platform
Microsoft has published a whitepaper that explores the security of the Microsoft serverless platform and the benefits of using the...
Join me in a community launch party for Azure DevOps @ Microsoft!
Celebrate the launch of Azure DevOps with us here in Vancouver! Spend an afternoon following a fictitious but practical real world...
Baking security in with the Secure DevOps for Azure Kit
One of the cool things I see coming out of Microsoft these days is the investment in educating everyone on how to bake security in. Not...
NIST SP 800-171, Azure Security and You
Microsoft has released the Azure Security and Compliance Blueprint for NIST SP 800-171. This Azure Security and Compliance Blueprint...
Using Azure AD Easy Auth with Angular
One of the cool things about Azure AD is how easy they make it to act as an Identity Provider (IdP) for your app services in Azure. One...
How Microsoft is helping you NOT screw up your Azure Secrets on GitHub
OK, so you are building this awesome cloud application and running it on Azure. You are doing a great job of using source control and...
How large scale datasets makes it easier to reveal threats in the cloud
I was thinking about my post last week on how cool the threat intelligence dashboard in the Azure Security Center (ASC) was so cool,...
Understanding and evaluating risk to information assets in your software projects
I was going through some of my old blog posts and came across an old presentation I did on understanding risk to data in software...
Threat modeling your Azure PaaS application
I recently stumbled across an interesting article in the Azure Security documentation on building PCI compliant Payment Processing...
Keep credentials out of code: Introducing Azure AD Managed Service Identity
I've been waiting for this to go public. Last week Microsoft announced the preview of Azure Active Directory Managed Service Identity...
Microsoft introduces more secure defaults for Azure Storage
Now this I like to see! Microsoft has announced that going forward by default encryption will now be turned on for Azure Blobs, Files,...
AI for security: Microsoft Security Risk Detection makes debut
This is why I love the Microsoft Cloud. Microsoft has released a cloud service that uses artificial intelligence to track down bugs in...
Shattering the crystal and poking holes in the black box
Let's shatter the crystal and poke holes in the black box. There has been some banter online which is focused on detailing if Open Source...
Coding Tip: Why you should always use well known SIDs over usernames for security groups
So have you ever tried to restrict access to your applications in a way so that you can maintain least privilege? I do. All the time. And...
BSIMM: Maturing the process of Building Security In - Almost 10 years later
Although software security is still in its infancy, there are several methodologies like Microsoft SDL, OWASP CLASP and Cigital...