Category Archives: Secure Development

Quick look at CICD Integration in Azure Security Center to scan your docker image

If you are working in a cyber-security field where DevOps is involved, you probably heard about shift-left security. Shift-left security is just basically to move security assessment or verification sooner in the development process so you wouldn’t waste time to … Continue reading

Posted in Secure Development | Tagged , | Leave a comment

Notes on Azure SQL Server Auditting should be enabled policy

Recently I was asked to help a colleague of mine on a policy named “Azure SQL Server auditing should be enabled“. He deployed an ARM template to enable auditing but the deployment didn’t reflect the setting in Azure Portal. In … Continue reading

Posted in Secure Development, Security Automation | Tagged | Leave a comment

Azure Disk Encryption ARM template for Windows VM

I had an article about a healthy Windows virtual machine in Azure and got a feedback that the virtual machine should have disk encryption in place. That feedback is very valuable and it drove me to do more research and … Continue reading

Posted in Secure Development | Tagged , | 1 Comment

Audit Azure App Service in your tenant

There are several ways to extract information of Azure App Service resources in your environment. You can use Resource Graph Explorer, Azure CLI, Azure PowerShell or Azure REST API. Depending on the information you would like to extract, the tool … Continue reading

Posted in Secure Development | Tagged , , | 1 Comment

Some fun with Azure Key Vault REST API and HttpClient – Part 5

We have gone through 5 articles about Azure Key Vault REST API in which we explored the possibility of working with Azure Key Vault REST API, specific to Vault and Secret. We also realized just ‘a bit‘ about how unclear … Continue reading

Posted in Secure Development | Tagged , | 2 Comments

Some fun with Azure Key Vault REST API and HttpClient – Part 4.1

I thought I would have a new title for this article as it is not going to cover the use of HttpClient and Key Vault REST API. Spent a little bit of time thinking, I decided to let it be … Continue reading

Posted in Secure Development | 2 Comments

Some fun with Azure Key Vault REST API and HttpClient – Part 4

The Part 2 in Some fun with Azure Key Vault REST API and HttpClient series provides simple guidance on how to create a new fresh secret without creating a new version of existing secret under a specified vault in Azure … Continue reading

Posted in Secure Development | Tagged , | 3 Comments

Some fun with Azure Key Vault REST API and HttpClient – Part 3

After two articles doing some fun with Azure Key Vault REST API and HttpClient, I’ve got some requests to add more things to work with vault, for example listing all existing vaults under a given subscription, or deleting a vault. … Continue reading

Posted in Secure Development | 4 Comments

Some fun with Azure Key Vault REST API and HttpClient – Part 2

In previous article, I demonstrated how to use HttpClient to work with Azure Key Vault REST API. With this approach, you shouldn’t worry about your programming language skills. What I meant was that you could even use Python, for instance, … Continue reading

Posted in Secure Development | Tagged , | 5 Comments

Some fun with Azure Key Vault REST API and HttpClient – Part 1

Azure Key Vault is not new to Azure developers and architects. It is a cloud-based service to safeguard your sensitive information and crypto implementation and management . Working with Azure Key Vault can be done via Azure Portal, PowerShell or … Continue reading

Posted in Secure Development | 5 Comments