Forum Discussion
Azure security and .NET Core application
Hi there, we're creating .NET core application with MSSQL database, that will be hosted on AZURE. Are you able guys to indicate what we should to take under consideration to be 100% compatible with ...
Hi Mark900
This is not a simple question to answer here. If you are developing the application using .net core, start here https://docs.microsoft.com/en-us/aspnet/core/security/?view=aspnetcore-3.0. This will give you some information on securing the app. Once you move to Azure, you will need to look at how to host the application and the controls that be put in place. Take a look here https://docs.microsoft.com/en-us/azure/security/develop/secure-develop it will provide some information on what to look at.
Microsoft also has a solution called Azure DevSecOps kit. https://azsk.azurewebsites.net/ this can be integrated into your development to help check that your code is secure.
In addition, try doing the standard approach.
Use HTTPS for all connections
Azure Keyvault for secrets and connection strings. Do not store secrets in code.
Application Insights for tracking what is happening in your app.
Capture logs to Log Analytics
Use encryption when storing data
Take backups
Develop the code using products like Azure DevOps, so the pipelines can deployment but also scan the code for security issues
Hope this helps.