Security
Posts touching on Security in various angles lives in this category.

Discover sensitive Key Vault operations with Microsoft Sentinel Paid Members Public
Microsoft's Azure Key Vault Security workbook helps you structure the explorations of sensitive operations in your Azure Key Vaults. Using this workbook, we can cut the diagnostic and troubleshooting time down by a lot.

Securing Microsoft Teams Paid Members Public
Recently, Microsoft Teams adoption in organizations world-wide has skyrocketed. To keep up with this pace, here's a post about securing the Collaboration Experience, configuring Compliance, and a look at Security options!

Passing AZ-500: Microsoft Certified Azure Security Engineer Associate Paid Members Public
The AZ-500 is a great certification if you work with security and compliance. In this article I'm outlining my experiences in taking this exam online from my home office, as well as free official Microsoft documentation around the areas you'll be tested on.

GitHub Actions for Security Code Analysis Paid Members Public
Performing code analysis and security scans on your code is imperative to software craftsmanship. Over the years, I have had plenty of options for performing security scans, both with third-party vendors and open-source tools. I want to highlight some of my favorite GitHub Actions to run code analysis with a

Use the Microsoft Application Inspector to analyze your source code Paid Members Public
Use the Microsoft Application Inspector to learn more about your code. Discover what types of algorithms, APIs, sensitive data and more that you make use of in the code base.

Get notified of changes in Azure Key Vault by using Event Grid Paid Members Public
There are numerous ways to secure and audit your Azure Key Vault setup and usage. In 2019, I wrote Who accessed my Azure Key Vault? [https://zimmergren.net/azure-key-vault-diagnostics-who-accessing-your-vault/], which is still relevant. In this article, I want to talk about how to set up automatic notifications when something change

Website security scanning with GitHub Actions and OWASP ZAP Paid Members Public
Security is a topic that should be on top of everyone's mind. Particularly security in software is vital, given the enormous growth in threats targeting online resources. I previously wrote about other developer-oriented security aspects that you might find interesting: * Embrace a Security Development Lifecycle (SDL) for Azure [https://zimmergren.

Create a custom Azure Security Center recommendation with Azure Policy Paid Members Public
In Azure Security Center you get a lot of built-in recommendations based on various compliance- and security controls. These are based on industry standards and include things like Azure CIS, PCI DSS, SOC TSP, ISO 27001, and more. However, many organizations have different requirements than the defaults, and sometimes want
Recent comments