Designing And Developing Secure Azure Solutions

Author: Michael Howard, Heinrich Gantenbein and Simone Curzi
Publisher: Microsoft
Pages:528
ISBN: 978-0137908752
Print: 013790875X
Kindle:B0BFXG89B6
Audience: Azure developers
Rating: 5
Reviewer: Kay Ewbank

Moving applications to the cloud opens them to a different class of security threats, and this book sets out to explain how to make your azure solutions more secure.

This book is written as a practical tutorial for developers working in Azure with specific reference to security challenges and how to address them in Azure, from design and development to testing, deployment, governance, and compliance.

 

Banner

The first part of the book considers security principles, opening with a chapter looking at secure development lifecycle processes and the components that make up a secure development lifecycle. Having set the scene, the authors then move on to introduce secure design in general and as applied to Azure.

secureazure

Chapter 3 examines security patterns, the definitions of problems that occur repeatedly along with the core of the solution to that problem. This is followed by a meaty chapter on threat modeling with coverage of threat classification systems such as Stride (spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege). The authors also include a look at different threat modeling tools, and a good example of how to model threats.

Chapter 5 considers the security of identity, authentication and authorization. This is another long chapter that takes each of the three areas in turn and looks at how to manage them securely.

Monitoring and auditing is the next topic to be examined with an introduction to Azure's tools for monitoring, auditing and logging. A chapter on governance and how it relates to the developer comes next, mainly concentrating on the Azure Security Benchmark. This opening section ends with a chapter on compliance and risk programs with brief introductions to the various compliance standards you might encounter such as HIPAA, FIPS 140, GDPR and MITRE.

Part Two of the book moves on to secure implementation, starting with a chapter on secure coding. This is a long and well written chapter that makes sense right from the outset with the rule that 'all input is evil'. There's a good look at common vulnerabilities, sensible advice on using C++, and on keeping developers honest with fuzz testing.

The next chapter looks at cryptography in Azure, with sections on securing keys, Azure services and cryptography, and protecting data in transit.

Confidential computing is the topic for the next chapter, with an examination of various confidential computing processors. This is followed by good chapters on container security and database security. The database chapter looks at security in SQL Server, including the control plane and data plane, then moves on to Cosmos DB security.

A chapter on CI/CD security looks at source control systems and supply chain attacks, and the book ends with a chapter on network security that considers topics such as NVAs and gateways, PaaS and private networking, and Kubernetes Service networking. An appendix of core cryptographic techniques brings the book to a close/

This is a well written book that I'd recommend to any developer working with Azure.

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


Fundamentals of Database Management Systems

Author: Dr. Mark L. Gillenson
Publisher: Wiley
Pages: 416
ISBN:978-1119907466
Print:1119907462
Audience: Database managers
Rating: 3
Reviewer: Kay Ewbank

This book is aimed at people taking a one-semester course in database management as part of their larger information systems management course. As suc [ ... ]



DevOps For The Desperate

Author: Bradley Smith
Publisher: No Starch
Pages: 176
ISBN: 978-1718502482
Print: 1718502486
Kindle: B09M82VY43
Audience: Developers working in DevOps
Rating: 4.5
Reviewer: Kay Ewbank

Subtitled 'A hands-on survival guide, this book aims to provide software engineers and developers with the basi [ ... ]


More Reviews