Windows Azure Security Notes Posted to the Security TechCenter

Our Windows Azure Security Notes are now available under the Highlights section on TechNet’s Security TechCenter. It’s a collection of common applications scenarios for Web applications, Web services, and data on Azure, and it’s a map of common threats, attacks, vulnerabilities, and countermeasures.  It also explains the approach we used to understand the security impact…

0

Now Available: Windows Azure Security Notes PDF

Windows Azure Security Notes (PDF) is a collection of our notes and learnings from exploring the cloud security space and working through Windows Azure security scenarios.   Note that this is not a guide and it’s not a Microsoft patterns & practices deliverable.  It’s simply a way to package up, hand-off, and share what we learned…

1

Cloud Security Threats and Countermeasures at a Glance

Cloud security has been a hot topic with the introduction of the Microsoft offering of the Windows Azure platform.  One of the quickest ways to get your head around security is to cut to the chase and look at the threats, attacks, vulnerabilities and countermeasures.  This post is a look at threats and countermeasures from…

0

How To Enable SSL on Windows Azure

As part of our Azure Security Guidance project, we tested setting up SSL during our exploration.  To do so, we created a self-signed certificate and deployed it to Azure.  This is a snapshot of the rough steps we used: Step 1 – Create and Install a test certificate Step 2 – Create a Visual Studio…

2

patterns & practices Security Guidance Roundup

This is a comprehensive roundup of our patterns & practices security guidance for the Microsoft platform.   I put it together based on customers looking for our security guidance, but having a hard time finding it.  While you might come across a guide here or a How To there, it can be difficult to see the…

2

REST with ACS

This is a draft of our REST with ACS application scenario for your feedback.  It’s a whiteboard sketch of how to secure a REST service on Azure. As part of our patterns & practices Azure Security Guidance project, we’re putting together a series of Application Scenarios and Solutions.  Our goal is to show the most…

0

WCF Security Scenarios on Azure

As part of our patterns & practices Azure Security Guidance project, we’re putting together a series of Application Scenarios and Solutions.  Our goal is to show the most common application scenarios on the Microsoft Azure platform.  This is your chance to give us feedback on whether we have the right scenarios, and whether you agree…

2

ASP.NET Security Scenarios on Azure

As part of our patterns & practices Azure Security Guidance project, we’re putting together a series of Application Scenarios and Solutions.  Our goal is to show the most common application scenarios on the Microsoft Azure platform.  This is your chance to give us feedback on whether we have the right scenarios, and whether you agree…

8

Agile Security Engineering

“It is not necessary to change. Survival is not mandatory.”—Edwards Deming I gave a talk for the developer security MVPs at the Microsoft 2010 MVP Summit last week.  While I focused primarily on Azure Security, I did briefly cover Agile Security Engineering.  Here is the figure I used to help show how we do Agile…

2

Security Mental Model for Azure

We’ve been exploring Azure on the patterns & practices team for potential security guidance.   To get our heads around it, we’ve had to create a simple view for our team that we could quickly whiteboard or drill into.  We wanted a way to easily compare with our previous security guidance.  Here’s what we ended up…

3