cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Securing WebApp Server -

jcvst
Brass Contributor

‎Nov 12 2023 12:25 PM

‎Nov 12 2023 12:25 PM

Securing WebApp Server -

I recently had a discussing with a junior co-worker around securing WebApp servers, so I decided to post this, my thoughts around it. What am I missing?

  • Ensure your web application is secured by implementing HTTPS and employing a TLS/SSL certificate to encrypt communication between the app and its users. 

  • Enhance security by enforcing HTTPS for all web app requests, while also disabling insecure protocols like HTTP, TLS 1.0, and FTP. Achieve this through App Service settings or by adding a redirect rule in your web.config file.

  • Safeguard your web app by configuring authentication measures, restricting access to users within your organization. Utilize Azure Active Directory (Azure AD) for user authentication and authorization, with the option to enable multi-factor authentication (MFA) for an additional layer of security.

  • Employ managed identities to access the Azure data plane (e.g., Azure Storage, Azure SQL Database, Azure Key Vault) from your web app without storing credentials in your code. Managed identities offer an Azure AD-managed identity for your app, automatically rotating access tokens.

  • Access Microsoft Graph to retrieve user or non-user data for your web app, utilizing the Microsoft Graph SDK or REST API. To enable this, register your app with Azure AD and grant the necessary permissions to access Microsoft Graph.

  • Establish an Azure Key Vault to securely store and manage sensitive information such as connection strings, passwords, certificates, and encryption keys. Leverage Azure Key Vault to inject secrets into your web app at runtime, avoiding exposure in code or configuration files. Additionally, use it to generate or upload certificates for your web app.

  • Enhance the security of your web app by using private endpoints to connect to other Azure resources within a virtual network (VNet). Private endpoints provide a non-public IP address for your web app, preventing exposure to the internet. This setup helps prevent data exfiltration from your VNet and ensures a secure connection from on-premises networks using a VPN or ExpressRoute private peering.

297 Views
0 Likes
2 Replies
Reply
2 Replies
Kidd_Ip

‎Nov 12 2023 04:41 PM

‎Nov 12 2023 04:41 PM

Re: Securing WebApp Server -

@jcvst 

 

Worth to follow this as well:

 

Azure security baseline for App Service | Microsoft Learn

0 Likes
Reply
jcvst

‎Nov 12 2023 04:44 PM

‎Nov 12 2023 04:44 PM

Re: Securing WebApp Server -

Awesome thank you.
0 Likes
Reply