Industrial Scale RBAC in Microsoft Azure

If you’re building a cloud service with just a few of your closest friends, you can be forgiven for not thinking about securing your resources—allowing everyone in the team to do anything to all resources in the subscription may be a fine strategy. But if your team is a part of a big company, with multiple…


Hardening your web server’s SSL/TLS ciphers

In this post, Senior Application Development Manager, Anand Shukla shares some tips to harden your web server’s SSL/TLS ciphers. I recently worked with a customer who had security requirements to disable the weak RC4 ciphers from their Windows 2008 and Windows 2003 servers. The process is a little different for Windows 2008 R2 servers and…


PowerShell Security at Enterprise Customers

TL;DR; (“too long; didn’t read”) There are some people who don’t have the time to read the whole text – if you are familiar with the topic, the text in bold includes the most important points and is just for you. The most important point for enforcing PowerShell security is to use the newest versions…


Azure Blueprint illustrates the clear path to meet the Cybersecurity Executive Order

With the release of the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, agencies have new requirements to meet and document compliance with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). Agencies have a limited window to document their current risk posture and plans to fully comply…


Using Open Source Components? Using TFS?

Back in March, I wrote about the WhiteSource Bolt extension for VSTS. This is a fantastic way to automate security checks for open source vulnerabilities in the release pipeline of your team project. The most frequent question I’ve received is, When can we have this for TFS too? I’m happy to announce that the extension…


Microsoft Security Risk Detection

In this post, Application Development Managers, Mike Batongbacal and Syed Medhi, introduce the Microsoft Security Risk Detection service formerly known as Project Springfield. Software Security is a Business Imperative In today’s world, the threat of security breaches in computer networks and business software is an all too real possibility. More than ever before, businesses are…


Set or change an Azure App Service file or folder permission

I was using FileZilla to try to change the file permissions and I got this error:
Status: Setting permissions of ‘/site/wwwroot/index.html’ to ‘644’
Command: SITE CHMOD 644 index.html
Response: 500 ‘SITE’: command not understood
Status: Setting permissions of ‘/site/wwwroot/index.html’ to ‘755’
Command: SITE CHMOD 755 index.html
Response: 500 ‘SITE’: command not understood
Then I started…


Encrypt Secrets With A Certificate In Azure Websites

Here’s the scenario: you have a secret that needs to be used in your website but you know it’s insecure to put the password in your code in plain text. One easy solution is to manually enter the secret into the web config using the Application Settings page in the portal, but that doesn’t give a…


Azure Security Center Dashboard Updated

Good news on the Azure Security Center front! We’ve refreshed the dashboard to make it easier for you to: Identify new issues with your Azure Virtual Machines and PaaS services Find those issues easily using the New alerts & incidents tile Get to work fast with the ROI on investigations by using the Most attacked…