DevSecOps: The anatomy of a unicorn

For the past few months I have spent quite a bit of time interviewing candidates for DevSecOps positions, we are not looking for any one particular position. We have a need for a number of people with differing levels of seniority/experience. However this has been a largely unsuccessful task. As a result I have spent… Continue reading DevSecOps: The anatomy of a unicorn

Securing an App Service Environment (ASE)

Following on from my previous post about Network Security Groups, this post is about securing an App Service Environment. An Application Gateway with Web Application Firewall (WAF) is also included to provide additional protection by providing the Web Application Gateway functionality. This works by inspecting the traffic and providing defence against the OWASP top 10… Continue reading Securing an App Service Environment (ASE)

Managing Azure Network Traffic with Network Security Groups

Azure Network Security Groups (NSG) are a core tool that enables you to control the network traffic flow within an Azure Virtual Network. A Network Security Group is a collection of stateful layer 3/4 allow/deny rules, that can be associated with either subnets or individual network interfaces. In this post I hope to cover the basics of how NSGs can be used to manage the traffic within an Azure environment and provide segmentation as part of a zero trust solution.