Designing And Developing Secure Azure Solutions

Author: Michael Howard, Heinrich Gantenbein and Simone Curzi
Publisher: Microsoft
ISBN: 978-0137908752
Print: 013790875X
Audience: Azure developers
Rating: 5
Reviewer: Kay Ewbank

Moving applications to the cloud opens them to a different class of security threats, and this book sets out to explain how to make your Azure solutions more secure.

This book is written as a practical tutorial for developers working in Azure with specific reference to security challenges and how to address them in Azure, from design and development to testing, deployment, governance, and compliance.



The first part of the book considers security principles, opening with a chapter looking at secure development lifecycle processes and the components that make up a secure development lifecycle. Having set the scene, the authors then move on to introduce secure design in general and as applied to Azure.


Chapter 3 examines security patterns: definitions of problems that occur repeatedly, along with the core of the solution to each problem. This is followed by a meaty chapter on threat modeling, with coverage of threat classification systems such as STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege). The authors also include a look at different threat modeling tools, and a good example of how to model threats.

Chapter 5 considers the security of identity, authentication and authorization. This is another long chapter that takes each of the three areas in turn and looks at how to manage them securely.

Monitoring and auditing is the next topic to be examined with an introduction to Azure's tools for monitoring, auditing and logging. A chapter on governance and how it relates to the developer comes next, mainly concentrating on the Azure Security Benchmark. This opening section ends with a chapter on compliance and risk programs with brief introductions to the various compliance standards you might encounter such as HIPAA, FIPS 140, GDPR and MITRE.

Part Two of the book moves on to secure implementation, starting with a chapter on secure coding. This is a long and well written chapter that makes sense right from the outset with the rule that 'all input is evil'. There's a good look at common vulnerabilities, sensible advice on using C++, and on keeping developers honest with fuzz testing.

The next chapter looks at cryptography in Azure, with sections on securing keys, Azure services and cryptography, and protecting data in transit.

Confidential computing is the topic for the next chapter, with an examination of various confidential computing processors. This is followed by good chapters on container security and database security. The database chapter looks at security in SQL Server, including the control plane and data plane, then moves on to Cosmos DB security.

A chapter on CI/CD security looks at source control systems and supply chain attacks, and the book ends with a chapter on network security that considers topics such as NVAs and gateways, PaaS and private networking, and Kubernetes Service networking. An appendix of core cryptographic techniques brings the book to a close.

This is a well written book that I'd recommend to any developer working with Azure.
