What’s the best IaC tool for Azure?
Many of you will already be using Infrastructure as Code (IaC) day to day but for some choosing the right tool to ensure success is the real first stumbling block. So with so many options, how should you go about choosing the one that’s right? In the Microsoft corner there’s; PowerShell, Azure Resource Manager (ARM), Bicep and in the 3rd party corner HashiCorp Terraform each offer benefits and drawbacks. The choice comes down to your team’s skills, the complexity of your environment, and your cloud strategy. Continue reading
The Importance of Using Web Application Firewalls in Azure
As businesses continue to shift their operations to the cloud, it’s important to ensure that their applications and data are protected from threats such as cyber attacks and data breaches. One way to do this is by implementing a web application firewall (WAF) on an application gateway in Azure. A WAF is a security solution that sits between a website or web application and the internet, and is designed to protect against common web-based attacks such as SQL injection, cross-site scripting (XSS), and parameter tampering. Continue reading
Azure Sentinel - Log4J
Intro Apache Log4j is a Java-based logging utility that has recently had a zero-day exploit released codenamed “Log4Shell” (CVE-2021-44228). This zero-day allows an attacker to execute code on the remote server (Remote Code Execution) and can allow an attacker the ability to fully compromise the server the service is running on. Why is this a problem? The log4J package uses a JNDILookup plugin to allow the application/service to search for data throughout a Java directory and is found on all platforms running Java+logging from version 2. Continue reading