Forum Discussion
Azure security and .NET Core application
Hi there,
we're creating .NET core application with MSSQL database, that will be hosted on AZURE. Are you able guys to indicate what we should to take under consideration to be 100% compatible with AZURE in relation of full secure? Our app will be avaible to any users in WAN. Can You show the documents/instructions, that will tell us what components should be used within the .NET Core app to be fully fit to Azure? Is there any? I understand Azure modules can be added any time, even after we'll finish the system or must be taken in advance?
Thanks for any help,
- CraigWilson_Brass Contributor
Hi Mark900
This is not a simple question to answer here. If you are developing the application using .net core, start here https://docs.microsoft.com/en-us/aspnet/core/security/?view=aspnetcore-3.0. This will give you some information on securing the app. Once you move to Azure, you will need to look at how to host the application and the controls that be put in place. Take a look here https://docs.microsoft.com/en-us/azure/security/develop/secure-develop it will provide some information on what to look at.
Microsoft also has a solution called Azure DevSecOps kit. https://azsk.azurewebsites.net/ this can be integrated into your development to help check that your code is secure.
In addition, try doing the standard approach.
Use HTTPS for all connections
Azure Keyvault for secrets and connection strings. Do not store secrets in code.
Application Insights for tracking what is happening in your app.
Capture logs to Log Analytics
Use encryption when storing data
Take backups
Develop the code using products like Azure DevOps, so the pipelines can deployment but also scan the code for security issues
Hope this helps.