MSRD is a self-service, AI-powered Dynamic Application Security Testing service that optimizes your web development cycle to identify and remediate bugs and security risks as they’re introduced into the codebase – not after they are already in production.
Azure Trust Center should be your first destination for our compliance offerings. Did you know independent audit reports along with Azure compliance offerings can be found there? This documentation is a free but protected resource for those who use Microsoft cloud services (Azure, Office 365, Dynamics 365, etc.). Compliance documentation for HITRUST, HIPAA/HITECH, FedRAMP, CSA CCM and many others is stored here.
Senior Consultant Omar Amin recently posted this article on securing a physical data center. In this post, he highlights roles and responsibilities for security across various hosting options.
I don’t spend a lot of time talking to customers about physical data center security.
This post is provided by App Dev Managers Latha Natarajan and Sujith Nair, who explore the critical aspect of protecting personal information and the impact of data security failures. This post also discusses the rich set of Azure services that Microsoft customers and organizations can use to protect personal data in compliance with GDPR and other regulations for various parts of the world.
Laurie Atkinson, Premier Developer Consultant, shows us how to customize the behavior of an Angular app based on the user’s permissions. This includes page navigation, hiding and disabling of UI elements, and generation of menus.
Applications often include requirements to customize their appearance and behavior based on the user’s role or permission.
This post on Application Insights and protecting your instrumentation key comes to us from Premier Developer consultant Adel Ghabboun.
The Application Insights instrumentation key can be used on both the server and client side. Using the instrumentation key on the server side is secure, and no one can see it.
In this article from his blog, Premier Developer consultant Razi Rais covers some of the basics of a powerful security & privacy tool – homomorphic encryption.
I was recently exploring methods for improved privacy using various encryption schemes and stumbled upon Homomorphic Encryption, which has huge potential
In this post, Premier Developer consultant Lizet Pena De Sola explains Role Based Access Control in ASP.NET MVC.
Role Based Access Control in MVC is pretty straightforward. There is also a way to do claims access control, but the most common way is based on roles.
In this post, Premier Developer consultant Lizet Pena De Sola explains Diffie-Hellman in the HTTPS key exchange.
I got a question right after I had spent a week in training classes for the CompTIA Security+ exam: to describe how HTTP Secure (HTTPS) modifies the HTTP traffic between a client browser and the server.
This post on authentication and authorization is from Premier Developer consultant Marius Rochon.
The claims list included in the ClaimsPrincipal usually originates from the security token received by the application as part of user authentication (SAML, OpenIDConnect id token) or access authorization (OAuth2 bearer access token).