Security

Posts touching on Security in various angles lives in this category.

Passing AZ-500: Microsoft Certified Azure Security Engineer Associate Members Public

The AZ-500 is a great certification if you work with security and compliance. In this article I'm outlining my experiences in taking this exam online from my home office, as well as free official Microsoft documentation around the areas you'll be tested on.

Tobias Zimmergren
Tobias Zimmergren
AzureCertificationSecurity

GitHub Actions for Security Code Analysis Members Public

Performing code analysis and security scans on your code is imperative to software craftsmanship. Over the years, I have had plenty of options for performing security scans, both with third-party vendors and open-source tools. I want to highlight some of my favorite GitHub Actions to run code analysis with a

Tobias Zimmergren
Tobias Zimmergren
githubgithub actionscode analysis

Use the Microsoft Application Inspector to analyze your source code Members Public

Use the Microsoft Application Inspector to learn more about your code. Discover what types of algorithms, APIs, sensitive data and more that you make use of in the code base.

Tobias Zimmergren
Tobias Zimmergren
code analysisSecurityTools

Get notified of changes in Azure Key Vault by using Event Grid Members Public

There are numerous ways to secure and audit your Azure Key Vault setup and usage. In 2019, I wrote Who accessed my Azure Key Vault?, which is still relevant. In this article, I want to talk about how to set up automatic notifications when something change related to your secrets.

Tobias Zimmergren
Tobias Zimmergren
AzureKey VaultSecurity

Website security scanning with GitHub Actions and OWASP ZAP Members Public

Security is a topic that should be on top of everyone's mind. Particularly security in software is vital, given the enormous growth in threats targeting online resources. I previously wrote about other developer-oriented security aspects that you might find interesting: Embrace a Security Development Lifecycle (SDL) for AzureAutomate Azure DevOps

Tobias Zimmergren
Tobias Zimmergren
githubgithub actionscybersecurity

Create a custom Azure Security Center recommendation with Azure Policy Members Public

In Azure Security Center you get a lot of built-in recommendations based on various compliance- and security controls. These are based on industry standards and include things like Azure CIS, PCI DSS, SOC TSP, ISO 27001, and more. However, many organizations have different requirements than the defaults, and sometimes want

Tobias Zimmergren
Tobias Zimmergren
AzureSecurityPolicy

Configuring Publisher Verification in Azure Active Directory Members Public

Learn what the publisher verification status is, and how to set it up in your organization. Azure AD comes with Consent Policies, enabling your organizations to only trust verified publishers. Users will then only be able to consent to applications that are verified.

Tobias Zimmergren
Tobias Zimmergren
AzureSecurityGovernance

Using the Azure Resource Graph to improve your Azure Governance game Members Public

Learn about some of my key scenarios for using the Azure Resource Graph to gain a better understanding of my Azure resources. This is a great tool for your Azure Governance toolkit.

Tobias Zimmergren
Tobias Zimmergren
AzureGovernanceSecurity
Previous Page 2 of 5 Next

Hi, I'm Tobias 👋

Tobias Zimmergren profile picture

Find out more about me.

Recent comments

Recommended books!

Prepare for the AZ-500 exam!
Exam Ref AZ-500 Microsoft Azure Security Technologies
Azure Security Handbook!
Azure Security Handbook: A Comprehensive Guide for Defending Your Enterprise Environment
Prepare for the SC-900 exam!
Exam Ref SC-900 Microsoft Security, Compliance, and Identity Fundamentals