Forum Discussion

Mark900's avatar
Mark900
Copper Contributor
Oct 08, 2019

Azure security and .NET Core application

Hi there,

we're creating .NET core application with MSSQL database, that will be hosted on AZURE. Are you able guys to indicate what we should to take under consideration to be 100% compatible with AZURE in relation of full secure? Our app will be avaible to any users in WAN. Can You show the documents/instructions, that will tell us what components should be used within the .NET Core app to be fully fit to Azure? Is there any? I understand Azure modules can be added any time, even after we'll finish the system or must be taken in advance?

Thanks for any help,

  • CraigWilson_'s avatar
    CraigWilson_
    Brass Contributor

    Hi Mark900 

     

    This is not a simple question to answer here. If you are developing the application using .net core, start here https://docs.microsoft.com/en-us/aspnet/core/security/?view=aspnetcore-3.0. This will give you some information on securing the app. Once you move to Azure, you will need to look at how to host the application and the controls that be put in place. Take a look here https://docs.microsoft.com/en-us/azure/security/develop/secure-develop it will provide some information on what to look at.

     

    Microsoft also has a solution called Azure DevSecOps kit. https://azsk.azurewebsites.net/ this can be integrated into your development to help check that your code is secure.

     

    In addition, try doing the standard approach.

    Use HTTPS for all connections

    Azure Keyvault for secrets and connection strings. Do not store secrets in code.

    Application Insights for tracking what is happening in your app. 

    Capture logs to Log Analytics

    Use encryption when storing data

    Take backups

    Develop the code using products like Azure DevOps, so the pipelines can deployment but also scan the code for security issues

     

    Hope this helps.

     

     

     

Resources