The Importance of Using Web Application Firewalls in Azure
As businesses continue to shift their operations to the cloud, it’s important to ensure that their applications and data are protected from threats such as cyber attacks and data breaches. One way to do this is by implementing a web application firewall (WAF) on an application gateway in Azure. A WAF is a security solution that sits between a website or web application and the internet, and is designed to protect against common web-based attacks such as SQL injection, cross-site scripting (XSS), and parameter tampering. Continue reading
Azure Sentinel - Log4J
Intro Apache Log4j is a Java-based logging utility that has recently had a zero-day exploit released codenamed “Log4Shell” (CVE-2021-44228). This zero-day allows an attacker to execute code on the remote server (Remote Code Execution) and can allow an attacker the ability to fully compromise the server the service is running on. Why is this a problem? The log4J package uses a JNDILookup plugin to allow the application/service to search for data throughout a Java directory and is found on all platforms running Java+logging from version 2. Continue reading
Why Terraform?
Intro I’m often asked if Microsoft provides the ability the deploy resources into Azure using Azure Resource Manager templates (ARM Templates) then why would I use Terraform for CI/CD deployments? In this post, I’ll try to answer this and provide an understanding of the differences and why, in my opinion, Terraform is the most versatile and agile tool available for IaC deployments. Why Infrastructure as code? Anyone who’s spent anytime deploying to Azure knows that the user interface is intuitive and that it guides you through the creation of deploying resources really well, prompting you for missing information and providing handy tooltips. Continue reading