SlideShare a Scribd company logo

Azure App Gateway and Log Analytics under Penetration Tests

Download as PPTX, PDF
Roy Kim, profile picture
Roy Kim

The document highlights key web application security risks from the OWASP Top 10 list for 2017, which includes critical threats such as injection and broken authentication. It also mentions tools and resources like the OWASP ModSecurity Core Rule Set and Azure Application Gateway for security monitoring and configuration. Additionally, there are references to ZAP Proxy and log analytics for enhanced security testing and monitoring.

Technology
1 of 20
Downloaded 17 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Azure App Gateway and Log Analytics under Penetration Tests
Azure App Gateway and Log Analytics under Penetration Tests
www.roykim.ca roy@roykim.ca
Azure App Gateway and Log Analytics under Penetration Tests
Azure App Gateway and Log Analytics under Penetration Tests
Open Web Application Security Project OWASP ModSecurity Core Rule Set (CRS)
OWASP Top 10 Most Critical Web Application Security Risks A1:2017-Injection A2:2017-Broken Authentication A3:2017-Sensitive Data Exposure A4:2017-XML External Entities (XXE) A5:2017-Broken Access Control A6:2017-Security Misconfiguration A7:2017-Cross-Site Scripting (XSS) A8:2017-Insecure Deserialization A9:2017-Using Components with Known Vulnerabilities A10:2017-Insufficient Logging&Monitoring
* https://www.zaproxy.org/ https://github.com/zaproxy/zap-hud
Azure App Gateway and Log Analytics under Penetration Tests
Azure Application Gateway  An application delivery controller  layer 7 load balancing/routing capabilities  web application firewall.
OWASP ModSecurity Core Rule Set
https://docs.microsoft.com/en-us/azure/azure-monitor/azure-monitor-rebrand#log-analytics-redefinition
• Configuration • Penetration Test • Monitoring with Log Analytics • Alert * see appendix slides for demo screenshots
Azure App Gateway and Log Analytics under Penetration Tests
roy@roykim.ca
Azure App Gateway and Log Analytics under Penetration Tests
Azure App Gateway and Log Analytics under Penetration Tests
Azure App Gateway and Log Analytics under Penetration Tests
Azure App Gateway and Log Analytics under Penetration Tests
Azure App Gateway and Log Analytics under Penetration Tests

More Related Content

PDF
淺談WAF在AWS的架構_20171027
4ndersonLin
 
PDF
Better API Security with Automation
42Crunch
 
PPTX
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
Sebastian Taphanel CISSP-ISSEP
 
PPTX
Microservices docker-security
Sergio Loureiro
 
PDF
Launching a Highly-regulated Startup in the Public Cloud
Poornaprajna Udupi
 
PPTX
OpenStack at Cisco, June 2015
Lora O'Haver
 
PDF
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Community
 
PDF
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
AWSCOMSUM
 
淺談WAF在AWS的架構_20171027
4ndersonLin
 
Better API Security with Automation
42Crunch
 
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
Sebastian Taphanel CISSP-ISSEP
 
Microservices docker-security
Sergio Loureiro
 
Launching a Highly-regulated Startup in the Public Cloud
Poornaprajna Udupi
 
OpenStack at Cisco, June 2015
Lora O'Haver
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Community
 
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
AWSCOMSUM
 

What's hot (16)

PDF
Microservices: Notes From The Field
Apcera
 
PPTX
Building Automated Governance Using Code, Platform Services & Several Small P...
Todd Whitehead
 
PDF
20180514 _aws data-security_aws.compressed
Sekretariat3A
 
PDF
What's New With PureSec | April 2019
PureSec
 
PPTX
Microsoft Azure News - April 2021
Daniel Toomey
 
PDF
CSS17: Houston - Introduction to Security in the Cloud
Alert Logic
 
PPTX
CSS17: Atlanta - Realities of Security in the Cloud
Alert Logic
 
PDF
CSS17: Houston - Protecting Web Apps
Alert Logic
 
PDF
Mohamed aliassakerresumev5 2018
Mohamed Assaker
 
PPTX
Realizing the Full Potential of Cloud-Native Application Security
Ory Segal
 
PDF
Apcera: Agility and Security in Docker Delivery
Apcera
 
PDF
[201702]Qubit Security Pitch deck
Seungmin Shin
 
PDF
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
wwwally
 
PPTX
Micro segmentation – a perfect fit for microservices
Anthony Chow
 
PPTX
#ALSummit: Alert Logic & AWS - AWS Security Services
Alert Logic
 
PPTX
CSS17: DC - The AWS Shared Responsibility Model in Practice
Alert Logic
 
Microservices: Notes From The Field
Apcera
 
Building Automated Governance Using Code, Platform Services & Several Small P...
Todd Whitehead
 
20180514 _aws data-security_aws.compressed
Sekretariat3A
 
What's New With PureSec | April 2019
PureSec
 
Microsoft Azure News - April 2021
Daniel Toomey
 
CSS17: Houston - Introduction to Security in the Cloud
Alert Logic
 
CSS17: Atlanta - Realities of Security in the Cloud
Alert Logic
 
CSS17: Houston - Protecting Web Apps
Alert Logic
 
Mohamed aliassakerresumev5 2018
Mohamed Assaker
 
Realizing the Full Potential of Cloud-Native Application Security
Ory Segal
 
Apcera: Agility and Security in Docker Delivery
Apcera
 
[201702]Qubit Security Pitch deck
Seungmin Shin
 
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
wwwally
 
Micro segmentation – a perfect fit for microservices
Anthony Chow
 
#ALSummit: Alert Logic & AWS - AWS Security Services
Alert Logic
 
CSS17: DC - The AWS Shared Responsibility Model in Practice
Alert Logic
 
Ad

Similar to Azure App Gateway and Log Analytics under Penetration Tests (20)

PDF
Better API Security With A SecDevOps Approach
Nordic APIs
 
PDF
SecDevOps for API Security
42Crunch
 
PPTX
Brocade vADC Portfolio Overview 2016
Scott Sims
 
PPT
OWASP an Introduction
alessiomarziali
 
PPTX
Azure serverless security
Pratik Khasnabis
 
PDF
淺談WAF在AWS的架構
4ndersonLin
 
PPTX
Owasp top 10 web application security risks 2017
Sampath Bhargav Pinnam
 
PDF
Owasp qatar presentation top 10 changes 2013 - Tarun Gupta
OWASP-Qatar Chapter
 
PPTX
OWASP_Top_Ten_Proactive_Controls version 2
ssuser18349f1
 
PPTX
OWASP_Top_Ten_Proactive_Controls_v2.pptx
azida3
 
PPTX
OWASP_Top_Ten_Proactive_Controls_v2.pptx
johnpragasam1
 
PDF
OWASP top10 2017, Montpellier JUG de Noel
Hubert Gregoire
 
PDF
AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers
Lewis Ardern
 
PPTX
OWASP_Top_Ten_Proactive_Controls_v2.pptx
cgt38842
 
PPTX
5 Absolutely Beautiful Things about Platform as a Service (PaaS)
Cory Fowler
 
PDF
Web hackingtools cf-summit2014
ColdFusionConference
 
PPTX
OWASP_Top_Ten_Proactive_Controls_v32.pptx
nmk42194
 
PDF
The automated (ethical) hacker in you - test automation day nl 2018
Edward van Deursen
 
PDF
Web hackingtools 2015
ColdFusionConference
 
PDF
Web hackingtools 2015
devObjective
 
Better API Security With A SecDevOps Approach
Nordic APIs
 
SecDevOps for API Security
42Crunch
 
Brocade vADC Portfolio Overview 2016
Scott Sims
 
OWASP an Introduction
alessiomarziali
 
Azure serverless security
Pratik Khasnabis
 
淺談WAF在AWS的架構
4ndersonLin
 
Owasp top 10 web application security risks 2017
Sampath Bhargav Pinnam
 
Owasp qatar presentation top 10 changes 2013 - Tarun Gupta
OWASP-Qatar Chapter
 
OWASP_Top_Ten_Proactive_Controls version 2
ssuser18349f1
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
azida3
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
johnpragasam1
 
OWASP top10 2017, Montpellier JUG de Noel
Hubert Gregoire
 
AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers
Lewis Ardern
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
cgt38842
 
5 Absolutely Beautiful Things about Platform as a Service (PaaS)
Cory Fowler
 
Web hackingtools cf-summit2014
ColdFusionConference
 
OWASP_Top_Ten_Proactive_Controls_v32.pptx
nmk42194
 
The automated (ethical) hacker in you - test automation day nl 2018
Edward van Deursen
 
Web hackingtools 2015
ColdFusionConference
 
Web hackingtools 2015
devObjective
 
Ad

More from Roy Kim (13)

PPTX
Microsoft Reactor Toronto 5/5/2020 | Azure Kubernetes In Action - Running and...
Roy Kim
 
PPTX
Azure AD App Proxy Login Scenarios with an On Premises Applications - TSPUG
Roy Kim
 
PPTX
Azure Key Vault with a PaaS Architecture and ARM Template Deployment
Roy Kim
 
PPTX
Applying Advanced Techniques to Azure Web Apps
Roy Kim
 
PDF
Big Data Analytics from Azure Cloud to Power BI Mobile
Roy Kim
 
PDF
Design and Configure Azure App Service Web Apps
Roy Kim
 
PPTX
SharePoint 2016 Hybrid Overview
Roy Kim
 
PPTX
SharePoint Hosted Add-in with AngularJS and Bootstrap
Roy Kim
 
PPTX
Designing for SharePoint Provider Hosted Apps
Roy Kim
 
PDF
Microsoft Azure For Solutions Architects
Roy Kim
 
PPTX
SharePoint 2013 Hosted App Presentation by Roy Kim
Roy Kim
 
PPT
Networking For Application Developers by Roy Kim
Roy Kim
 
PPTX
SharePoint Saturday 2010 - SharePoint 2010 Content Organizer Feature
Roy Kim
 
Microsoft Reactor Toronto 5/5/2020 | Azure Kubernetes In Action - Running and...
Roy Kim
 
Azure AD App Proxy Login Scenarios with an On Premises Applications - TSPUG
Roy Kim
 
Azure Key Vault with a PaaS Architecture and ARM Template Deployment
Roy Kim
 
Applying Advanced Techniques to Azure Web Apps
Roy Kim
 
Big Data Analytics from Azure Cloud to Power BI Mobile
Roy Kim
 
Design and Configure Azure App Service Web Apps
Roy Kim
 
SharePoint 2016 Hybrid Overview
Roy Kim
 
SharePoint Hosted Add-in with AngularJS and Bootstrap
Roy Kim
 
Designing for SharePoint Provider Hosted Apps
Roy Kim
 
Microsoft Azure For Solutions Architects
Roy Kim
 
SharePoint 2013 Hosted App Presentation by Roy Kim
Roy Kim
 
Networking For Application Developers by Roy Kim
Roy Kim
 
SharePoint Saturday 2010 - SharePoint 2010 Content Organizer Feature
Roy Kim
 

Recently uploaded (20)

PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 

Azure App Gateway and Log Analytics under Penetration Tests

Editor's Notes

  • #12: https://www.modsecurity.org/crs/