Showing category results for Security

In this post, Premier Dev Consultant Marius Rochon considers scenarios where an application needs to be accessed by users from many sources of authentication (Office 365, owned and operated by Microsoft but whose use is managed separately by many independent organizations is an example of such a resource). It proposes a framework for determining an...

In this post, Sr. App Dev Manager Mark Pazicni lays out the capabilities of Azure Storage Service Encryption (SSE) and Azure Disk Encryption (ADE) to help clarify their applications. With Azure Storage Service Encryption (SSE), your data is just encrypted. New and existing Azure Storage Account are now 256-bit AES encrypted to storage data encr...

Senior Consultant Omar Amin recently posted this article on securing a physical data center.  In this post, he highlights roles and responsibility on security across various hosting options.I don't spend a lot of time talking to customers about physical data center security.As a developer using mostly PaaS or IaaS compute platforms, I just ass...

This post is provided by App Dev Managers Latha Natarajan and Sujith Nair who explore the critical aspect of protecting personal information and the impact of data security failures. This post also discusses the rich set Azure services that Microsoft customers and organizations can use to protect personal data in compliance with GDPR and other regu...

In this post, Premier Developer consultant Lizet Pena De Sola explains Role Based Access Control in ASP.NET MVC. Role Based Access Control in MVC is pretty straight forward. There is also a way to do claims access control, but the most common way is based on roles. To show or hide action links in a view depending on the user role we can use the ...

This post on authentication and authorization is from Premier Developer consultant Marius Rochon.Claims list included in the ClaimsPrincipal usually originate from the security token received by the application as part of user authentication (SAML, OpenIDConnect id token) or access authorization (OAuth2 bearer access token).  However, sometime...

This blog on securing your source code is from Premier Developer consultant Bill Reiss. I saw a question recently about how to protect code in a Xamarin app package. I feel the first question is whether you need to, and not how to do it. The reality is that you can never completely protect your app code, and if someone wants your code bad enough ...

In this post, Senior Application Development Manager, Anand Shukla shares some tips to harden your web server’s SSL/TLS ciphers. I recently worked with a customer who had security requirements to disable the weak RC 4 ciphers from their Windows 2008 and Windows 2003 servers.  The process is little different for Windows 2008 R2 servers and Wi...

In this post, Application Development Managers, Mike Batongbacal and Syed Medhi, introduce the Microsoft Security Risk Detection service formerly known as Project Springfield. Software Security is a Business Imperative In today’s world, the threat of security breaches in computer networks and business software is an all too real possibility. Mor...

In his latest blog post, Premier Developer consultant Najib Zarrari discusses one approach to protecting sensitive information in your application by using VSTS and Azure Key Vault. If you are building a modern application and are following modern design principles, there is a good chance your application is composed of a number of layers and se...