Physical Data Center Security

Senior Consultant Omar Amin recently posted this article on securing a physical data center. In this post, he highlights roles and responsibilities for security across various hosting options. I don’t spend a lot of time talking to customers about physical data center security. As a developer using mostly PaaS or IaaS compute platforms, I just…


Accelerate Your GDPR compliance with Microsoft Cloud

This post is provided by App Dev Managers Latha Natarajan and Sujith Nair, who explore the critical aspect of protecting personal information and the impact of data security failures. This post also discusses the rich set of Azure services that Microsoft customers and organizations can use to protect personal data in compliance with GDPR and other…


Angular How-to: Implement Role-based security

Laurie Atkinson, Premier Developer Consultant, shows us how to customize the behavior of an Angular app based on the user’s permissions. This includes page navigation, hiding and disabling of UI elements, and generation of menus. Applications often include requirements to customize their appearance and behavior based on the user’s role or permission. Users should only…


Alternative way to protect your Application Insights “Instrumentation Key” in JavaScript

This post on Application Insights and protecting your instrumentation key comes to us from Premier Developer consultant Adel Ghabboun. The Application Insights instrumentation key can be used on both the server and the client side. Using the instrumentation key on the server side is secure and no one can see it. The opposite happens on the client side…


Homomorphic Encryption 101

In this article from his blog, Premier Developer consultant Razi Rais covers some of the basics of a powerful security & privacy tool – homomorphic encryption. I was recently exploring methods for improved privacy using various encryption schemes and stumbled upon Homomorphic Encryption that has a huge potential in that area. I do feel that…


Role Based Access Control in ASP.NET MVC

In this post, Premier Developer consultant Lizet Pena De Sola explains Role Based Access Control in ASP.NET MVC. Role Based Access Control in MVC is pretty straightforward. There is also a way to do claims access control, but the most common way is based on roles. To show or hide action links in a view depending…


HTTP Secure, Part II. Is Diffie-Hellman always used in the HTTPS key exchange?

In this post, Premier Developer consultant Lizet Pena De Sola explains Diffie-Hellman in the HTTPS key exchange. I got a question right after I had spent a week in training classes for the CompTIA Security+ exam: to describe how HTTP Secure (HTTPS) modifies the HTTP traffic between a client browser and the server. At the end of my explanation,…


Claims augmentation with OWIN but outside of Startup code

This post on authentication and authorization is from Premier Developer consultant Marius Rochon. The claims list included in the ClaimsPrincipal usually originates from the security token received by the application as part of user authentication (SAML, OpenIDConnect id token) or access authorization (OAuth2 bearer access token). However, sometimes there is a need to modify that list…


Should you obfuscate your Xamarin app?

This blog on securing your source code is from Premier Developer consultant Bill Reiss. I saw a question recently about how to protect code in a Xamarin app package. I feel the first question is whether you need to, and not how to do it. The reality is that you can never completely protect your…


Hardening your web server’s SSL/TLS ciphers

In this post, Senior Application Development Manager Anand Shukla shares some tips to harden your web server’s SSL/TLS ciphers. I recently worked with a customer who had security requirements to disable the weak RC4 ciphers from their Windows 2008 and Windows 2003 servers. The process is a little different for Windows 2008 R2 servers and…