Azure Security and Infosec Fails


For our April meetup, we have both Frans and Robin back talking all about security! We hear about security breaches all the time - and we always think that it won't happen to us. Until it does happen to us. Join us for two talks from two fantastic speakers showing how to dramatically decrease the chance of it being you next time! It's a very important topic, so definitely not one to miss!

### Frans Lytzen - Securing Web Apps in Azure

So you have deployed your web app to Azure. Now, how do you make it more secure and compliant?

In this fast-paced talk we will run through an overview of some of the Azure technologies that you can use to better protect your web applications in Azure - all depending on your required security level, of course. The talk will set out a framework for you to consider which protections you want to put in place and provide you with the awareness of the tools at your disposal.

Stop attackers, inside and outside, from getting access in the first place by using Web Application Firewall, VNets, encrypting or masking data and removing credentials from code and config.

Know when someone is trying to get in by using Log Analytics, Alerts and SQL Azure Threat Detection.

Stop ongoing attacks and limit the impact of attacks by blocking their access, partitioning your application, ensuring attackers can't get at further credentials and limiting what data they can get access to.

### Robin Minto - #FAIL - Lessons from infosec incidents

Securing a web application is a challenge. The internet is awash with malicious traffic and web applications are globally accessible. Don’t make it easy for them and the baddies will move on and find someone else to annoy.

We’ll look at the risks facing web applications, the basic steps you can take so that you don’t make yourself a target and the things you should do to avoid becoming a data breach statistic. We’ll also look at lessons that can be learnt from mistakes that others have made.

We’ll demo some of the techniques and tools in both attack and defence with examples for any web application developer.