AZURE
SERVERLESS
SECURITY
Pratik Khasnabis
Azure Cloud Architect (MCSE & MCSD)
@softveda
SERVERLESS ARCHITECTURE
“Serverless architectures are application designs that incorporate third-party “Backend as a Service” (BaaS) services, and/or that include custom code run in managed, ephemeral containers on a “Functions as a Service” (FaaS) platform. By using these ideas, and related ones like single-page applications, such architectures remove much of the need for a traditional always-on server component. …”
- Martin Fowler
[Diagram: SPA App, FaaS, BaaS]
SERVERLESS SECURITY
• Just because there are no servers to manage doesn’t absolve you from the responsibility of securing your serverless architecture.
• Security in the cloud is everyone's responsibility, including the development team, the SRE/Ops team, the Cyber Security team and of course your cloud vendor.
• Security controls also depend on the threat model and risks identified for your specific application. There is no one-size-fits-all solution to cyber security.
SECURING YOUR AZURE ACCOUNT
Your Pa$$word doesn't matter
Enabling multi-factor authentication (MFA) for accounts will end up blocking 99.9% of automated attacks.
APPSEC PRACTICES
Secure coding practices
Protect against OWASP Top 10
Do Input validation
Logging and Monitoring
Enable HTTPS only with TLS 1.2
Framework currency
Dependencies vulnerability scans
“UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks”
“Equifax breach was ‘entirely preventable’ had it used basic security measures, says House report. The credit agency failed to patch a disclosed vulnerability in Apache Struts, a common open source web server.”
“Backdoors snuck into 12 OSS packages were downloaded hundreds of thousands of times.”
TYPICAL SERVERLESS ARCHITECTURE ON AZURE
[Diagram: Storage blob, API Management, Functions, Storage table / Cosmos DB]
[Single Page App] Serve static content (HTML, CSS, JS, and image files) directly from a storage container named $web.
[REST API Gateway] Serverless API management with automated scaling for securing, publishing, and analysing APIs.
[Backend - Microservice] FaaS in Azure. An event-driven serverless compute platform.
[Backend – Database] NoSQL databases in Azure with almost limitless scaling.
AZURE BLOBS – STATIC WEBSITE HOSTING
https://todoappinsecure.z13.web.core.windows.net/
TODO APP - SPA CODE
    const azureFuncUrl = "https://todoinsecurefunctionapp.azurewebsites.net/api/todo/";

    function callSearchAPi() {
        var id = $("#searchInput").val();
        $.ajax({
            url: azureFuncUrl + id,   // the Function URL is called directly, with no Authorization header
            type: "GET",
            // … (remaining $.ajax options elided on the slide)
        });
    }

    $("#searchBtn").click(function () {
        clearErrorMessage();
        callSearchAPi();
    });
TODO FUNCTION
https://todoinsecurefunctionapp.azurewebsites.net/api/todo/{id}
SETTING CORS
TODO TABLE STORAGE
Connection String in Function App Application Settings
IS THIS APP SECURE?
[Diagram: Storage blob, Functions, Storage table / Cosmos DB; no API Management in front of the Function; callout: App Config]
[Single Page App] Serve static content (HTML, CSS, JS, and image files) directly from a storage container named $web.
[Backend - Microservice] FaaS in Azure. An event-driven serverless compute platform.
[Backend – Database] NoSQL databases in Azure with almost limitless scaling.
PROBLEM STATEMENT
How do we make sure that the REST API calls from the SPA to the Azure Function are secure, i.e. that only authenticated and authorised users can invoke the Azure Function?
How do we make sure that only the Azure Function app can access the backend database, and how do we secure the credential it uses?
OAUTH 2.0 IMPLICIT GRANT FLOW
REGISTER TODO APP IN AZURE AD
REGISTER TODO API FUNCTION IN AZURE AD
TODO APP SECURE – SPA CODE
ADAL.JS – LOGIN
ADAL.JS – GET ACCESS TOKEN
CHANGE AUTHENTICATION TO FUNCTION
AZURE API MANAGEMENT
• Reducing the attack surface
• CORS Policy
• Validate JWT Policy
• Rate limiting
PUBLISH TODO FUNCTION APP IN AZURE APIM
CONFIGURE VALIDATE-JWT POLICY
IS THIS APP SECURE?
[Diagram: Storage blob, API Management, Functions, Storage table / Cosmos DB; callouts: JWT, Key, App Config]
[Single Page App] Serve static content (HTML, CSS, JS, and image files) directly from a storage container named $web.
[REST API Gateway] Serverless API management with automated scaling for securing, publishing, and analysing APIs.
[Backend - Microservice] FaaS in Azure. An event-driven serverless compute platform.
[Backend – Database] NoSQL databases in Azure with almost limitless scaling.
INSPECT THE JWT ACCESS TOKEN
ADD APPLICATION ROLE IN MANIFEST
GRANT APPLICATION ROLE TO USER
INSPECT THE JWT ACCESS TOKEN
TOKEN VALIDATION & ROLE CHECK
IS THIS APP SECURE?
[Diagram: Storage blob, API Management, Functions, Storage table / Cosmos DB; callouts: JWT, Key, App Config, JWT]
[Single Page App] Serve static content (HTML, CSS, JS, and image files) directly from a storage container named $web.
[REST API Gateway] Serverless API management with automated scaling for securing, publishing, and analysing APIs.
[Backend - Microservice] FaaS in Azure. An event-driven serverless compute platform.
[Backend – Database] NoSQL databases in Azure with almost limitless scaling.
CREDENTIAL FREE CODE
Managed Identity for Azure Resources (aka MSI)
– MSI_ENDPOINT
– MSI_SECRET
CREATE AN IDENTITY FOR THE FUNCTION APP
SAVE CONNECTION STRING AS A SECRET IN KV
SET A LEAST PRIVILEGE ACCESS POLICY TO THE
FUNCTION APP IDENTITY
SET THE CONNECTION STRING VALUE IN FUNCTION
APP APPLICATION SETTINGS
Format is
@Microsoft.KeyVault(SecretUri=secret_uri_with_version)
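As an added example (not from the slides), the following audit walks Function App application settings and checks the outcome of the steps above: connection strings should be Key Vault references in the @Microsoft.KeyVault(SecretUri=...) format with a version, and no raw account key or password should remain in app config. The settings are constructed sample data; the vault and secret names are hypothetical.

```javascript
// Added example, not from the slides: audit Function App application settings so that secrets are
// Key Vault references in the format shown above, not plaintext. Settings are constructed sample data;
// the vault and secret names are hypothetical.

// Key Vault reference syntax from the slide: @Microsoft.KeyVault(SecretUri=secret_uri_with_version)
const KV_REF = /^@Microsoft\.KeyVault\(SecretUri=([^)\s]+)\)$/;

// Markers of a plaintext credential inside a setting value (storage account keys, SAS, passwords).
const PLAINTEXT_MARKERS = [/AccountKey=/i, /SharedAccessSignature=/i, /\bsig=/i, /Password=/i, /\bpwd=/i];

// Parse a Key Vault reference. Returns { vault, secret, version }, or null when the value is not
// a reference at all; throws when it is a reference but malformed.
function parseKeyVaultReference(value) {
  const m = KV_REF.exec(String(value).trim());
  if (!m) return null;
  let uri;
  try { uri = new URL(m[1]); } catch (e) { throw new Error("SecretUri is not a valid URL"); }
  if (uri.protocol !== "https:") throw new Error("SecretUri must use https");
  if (!uri.hostname.endsWith(".vault.azure.net")) throw new Error("SecretUri host is not a Key Vault");
  const seg = uri.pathname.split("/").filter(Boolean);   // expected ["secrets", name, version]
  if (seg[0] !== "secrets" || !seg[1]) throw new Error("SecretUri does not point at a secret");
  if (!seg[2]) throw new Error("SecretUri has no version segment (secret_uri_with_version expected)");
  return { vault: uri.hostname.split(".")[0], secret: seg[1], version: seg[2] };
}

// Walk every setting and return findings; an empty list means nothing to fix.
function auditSettings(settings) {
  const findings = [];
  for (const [name, value] of Object.entries(settings)) {
    let ref;
    try { ref = parseKeyVaultReference(value); }
    catch (e) { findings.push({ setting: name, issue: "malformed Key Vault reference: " + e.message }); continue; }
    if (ref) continue;   // well-formed reference: the secret itself never sits in app config
    if (PLAINTEXT_MARKERS.some((re) => re.test(value))) {
      findings.push({ setting: name, issue: "plaintext credential stored in application settings" });
    }
  }
  return findings;
}

// Constructed sample settings: a raw storage connection string, a versioned reference,
// a reference that forgot the version, and an ordinary non-secret setting.
const sampleSettings = {
  TodoTableConnection: "DefaultEndpointsProtocol=https;AccountName=todostorage;AccountKey=PLACEHOLDER_KEY;EndpointSuffix=core.windows.net",
  TodoTableConnectionKv: "@Microsoft.KeyVault(SecretUri=https://todo-kv.vault.azure.net/secrets/TodoTableConnection/0123456789abcdef0123456789abcdef)",
  TodoTableConnectionNoVersion: "@Microsoft.KeyVault(SecretUri=https://todo-kv.vault.azure.net/secrets/TodoTableConnection)",
  FUNCTIONS_WORKER_RUNTIME: "node",
};
console.log(auditSettings(sampleSettings));
```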
IS THIS APP SECURE?
[Diagram: Storage blob, API Management, Functions, Storage table / Cosmos DB; callouts: JWT, Key, MSI, JWT]
[Single Page App] Serve static content (HTML, CSS, JS, and image files) directly from a storage container named $web.
[REST API Gateway] Serverless API management with automated scaling for securing, publishing, and analysing APIs.
[Backend - Microservice] FaaS in Azure. An event-driven serverless compute platform.
[Backend – Database] NoSQL databases in Azure with almost limitless scaling.
SECURE SERVERLESS ARCHITECTURE
[Diagram components: Azure Active Directory, Azure Key Vault, API Management, Storage blob (Static Website Hosting), SPA App (ADAL.js), Function, Storage table (Data Store)]
[Diagram flows: Sign In and Get Access Token (SPA App and Azure Active Directory); GET Static Assets, unauthenticated (SPA App to Storage blob); AJAX API Calls carrying the JWT (SPA App to API Management, which applies the CORS policy and the Validate JWT policy using the Open-id config from Azure Active Directory); API Calls carrying the JWT (API Management to Function, which validates claims); GET Secret under the MSI Access Policy (Function to Azure Key Vault); Table Ops using the Key (Function to Storage table)]
TAKEAWAYS
• Implement OAUTH 2.0 Implicit Flow in the SPA to get an access token for the Function App being called
• Register the SPA and the Function App in Azure AD as applications
• Change Function App application manifest and add “app roles”
• Grant roles to users in AD for the Function App application
• Publish the Function App in Azure API Management
• Validate the JWT token in APIM policy
• Check the role in the claims within the JWT in Function App code
• Set Managed Identity for the Function App
• Store connection strings as secrets in Azure Key Vault
• Grant least privilege access policy to the Function App MSI in the Key Vault
• Change the application configuration for Function App to point to Key Vault
THANK YOU
Pratik Khasnabis
Azure Cloud Architect (MCSE & MCSD)
@softveda

Editor's Notes

  • #3: https://martinfowler.com/articles/serverless.html
  • #6: https://snyk.io/
  • #16: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow
  • #23: https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration
  • #34: https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity
  • #40: https://github.com/mspnp/serverless-reference-implementation/blob/master/src/readme.md