Application Security on Microsoft Azure

It is difficult to overstate the importance of Azure AD for Azure Authentication scenarios. This course, Microsoft Azure Authentication scenarios for developers, will teach you basic application scenarios as well as MFA and B2C, certificate authentication, and SQL Server authentication. You will first explore Azure Active Directory and how to use forms-based authentication. Next, you'll learn about Azure Active Directory authentication for a SQL database. You will also learn how to create certificate-based authentication and multi-factor authentication with Azure Active Directory. This course will give you a solid understanding of the authentication options Azure offers and will help you make the best architectural decisions for your application.

A solid understanding of Azure AD is the key to identity in the cloud using Microsoft technologies. This course, Managing Microsoft Azure Active Directory: Management, will teach you how to manage your Azure AD deployment. You'll first learn about users and groups. Next, you will learn about key capabilities that enable and secure end-user productivity such as conditional access, privileged identity management, and other features. You'll also learn how to use Azure AD with legacy applications and modern desktop environments using Azure AD Join or Azure AD Domain Services. This course will equip you with the knowledge and skills to manage your Azure AD environment.

A solid understanding of data security is essential for developing applications for Microsoft Azure. This course, Microsoft Azure Developer - Securing Data, will teach you how to secure your application configuration and data against unauthorized access. You'll first learn how to protect your application configuration settings, such as the database connection strings, using Azure Key Vault (MSI) and Managed Service Identity. Next, you will learn about Azure Storage Service encryption (SSE), Azure Disk Encryption(ADE) and Azure SQL Database Always Encrypted to protect your data from disk theft or comply with security standards. You'll also learn how to protect client-server communications with SSL/TLS encryption. This course will equip you with the knowledge and skills to secure data, enabling you to use Microsoft Azure's standard offerings to create more secure applications.

Online attacks on websites have increased in frequency over recent years. The same risks are still easily exploited. These vulnerabilities can be easily found within the browser. It's just a matter understanding what to look out for. This is how security looks from the perspective of an attacker. Their entry point is usually the browser. This is how they approach security issues on a website that they have chosen to investigate for security threats. This is a more accurate reflection of the online threat than looking at source code. It allows developers to immediately assess their applications, even if they aren't running in source. This is what online attackers do.

Organisations are increasingly concerned about security on the internet. In recent years, hacktivists have grown in sophistication and are now a real threat to corporate and personal security.
The Open Web Application Security Project provides the Top 10 to guide secure online application development and protect against threats.

This course will show you how to create web-based software that protects against risks.

It is crucial to be aware of common vulnerabilities in web applications that developers often encounter. Insecure deserialization ranks 8th in the OWASP Top 10 2017. Secure Coding: Preventing insecure deserialization is the course. It will teach you how to protect yourself against this vulnerability. Next, you'll learn about insecure serialization and how it can be exploited. You will also learn how to prevent insecure serialization in any framework or development language. This course will equip you with the knowledge and skills to secure your code so that insecure deserialization vulnerabilities are not introduced into your application.

For the safety of your company, it is vital to monitor what is happening with your application. Monitoring and proper application logging can help achieve this. Secure Coding: Preventing insufficient Logging and Monitoring will teach you what to look out for when setting up monitoring and logging for your applications. The first thing you will learn about is the danger of insufficient monitoring and logging. Next, you will learn what your application should and should not log. You'll also learn how to improve the quality and maintain log files. This course will equip you with all the knowledge and skills needed to detect future security incidents and provide application logging and monitoring.

The OWASP Top 10, 2017 includes a new entry: XML External Entities. (XXE). It can be hard to protect against this vulnerability as not many people are aware of it. This course, Secure Coding - Identifying and Mitigating XML External Entity Vulnerabilities (XXE), will explain what this vulnerability is and how it was included in the latest OWASP Top 10. You'll also learn how to identify it in your code and how to protect yourself against it. You will first learn about the consequences of an XML External Entity attack. Next, you'll learn how to identify dangerous parts of your code base. You will also learn how to protect yourself against vulnerabilities. This course will teach you about the risks XML External Entities can pose.