Security

How to Check TLS Configuration of URLs with Curl and Bash Script

·4 mins
If you are working in an Azure environment and you are using Azure Availability Tests you might run into the following Health Advisory event: "On 31 October 2024, in alignment with the Azure wide legacy TLS deprecation, TLS 1.0/1.1 protocol versions and the below listed TLS 1.2/1.3 legacy Cipher suites and Elliptical curves will be retired for Application Insights availability tests." For a list of deprecated versions and remaining supported versions have a look over the official documentation here.

OpenSSH CVE-2024-6387 Vulnerability and your AKS VMSS node images

·11 mins
Recently a new vulnerability in OpenSSH has been identified and the first question that popped into my mind was: How do I make sure my nodes are not affected by this vulnerability? In this blog post, I wanted to go over what the vulnerability is, how it can be exploited, explain how you can check if your Azure Kubernetes Service (AKS) is vulnerable to CVE-2024-6387 and what you can do about it, including different options for upgrading the VMSS image and how to choose between them.

Decoding Software Security: A Guide to Assessing Requirements with the STRIDE model

·8 mins
For this coffee read, I wanted to write about the STRIDE model and how, when working in your day-to-day job, you can use it to break down a functionality or requirement you may have and identify potential security threats. The blog post is more of a guide on how to create a security-first mindset to approach your work. It's not a guide on how to implement security measures or how to fix the threats (which I will add as part of tech articles). It's more about how to identify them and categorize them.

Azure Application Gateway WAF config vs WAF policy

·7 mins
Recently, I had to enable WAF on our Azure Application Gateway. Because of our infrastructure setup, I wanted to have all the rules from OWASP 3.2 enabled, but I needed to be able to exclude some of our (valid) requests from being blocked as well. To achieve this, I could either try to configure the WAF Config section on our Gateway or create a WAF policy. Given that it was not entirely clear how you can use proper exclusions and filters based on what you need, I decided to write this post to explain the differences I found between the two and how you can use them.

Kube-bench and Popeye: A Power Duo for AKS Security Compliance

·31 mins
In today's world, security is a top priority for any organization, or at least it should be. With the rise of cloud computing, the number of security threats has increased exponentially. So how do we keep up? Where do we start? Microsoft has created a set of security benchmarks to give users a starting point for setting up their security configurations. The Microsoft cloud security benchmark (MCSB) is the successor of the Azure Security Benchmark (ASB), which was rebranded in October 2022 (currently in public preview).

KongPlugin CORS: fixing Access-Control-Allow-Origin header missing error

·6 mins
In our current environment we have Kong as our Ingress controller in front of our applications. We are also using the Kong CORS Plugin to enable browsers to make cross-origin requests to our application's backend. The CORS plugin lets you configure the API gateway behavior to support Cross-Origin Resource Sharing (CORS). If you want to dig deeper into what CORS is, please check the CORS glossary link. We also make use of Helm charts to handle our deployment.