Tags: Security

How to get a Bearer access token for Azure

Security Cyber Benjamin Perkins

Even though I am not a security expert, it has always interested me.  When I worked on the IIS team some years back, pre Azure and pre Cloud days the protocol mostly used for large corporations was Kerberos.  Initially, troubleshooting those issues would give me sleepless nights, but over some years you begin to see […]

Read More →

WEBSITE_VNET_ROUTE_ALL and Azure Functions

Azure Benjamin Perkins

This would apply to Azure App Services too. This is an interesting feature.  To me it resembles or provides the ability to force tunnel.  The implementations of forced tunneling I have seen have typically been configured using route tables.  Where the route table is a matrix of IP addresses (see Figure 6) that instructs TCP […]

Read More →

Microsoft Authenticator App

Security Cyber Benjamin Perkins

If you are still using UID and Password as the only means for authentication, you might consider implementing Multi Factor Authentication (MFA).  One way to do this is by using the Microsoft Authenticator App which you can read all about it here.  I am writing this mostly to help me remember how I configured it […]

Read More →

Create an Azure Key Vault and Secret

Azure Benjamin Perkins

Storing, for example, a database connection string which include server name, user id and password in source code or in a configuration file is what is called ‘password leaking’.  That means that anyone who has access to application source code can search through and get access to the database, because the information required to connect […]

Read More →