Azure App Services Security

Cloud and service and Security go hand in hand. Azure App Services is no exception to it. Here is the assorted list of security measures can be taken for App Services

• Secure your web app using various means of authentication and authorization
  
  • Setup Azure Active Directory authentication for your app
    
• Secure traffic to your app by enabling Transport Layer Security (TLS/SSL) – HTTPS
  
  • Force all incoming traffic over HTTPS connection
    
• Enable Strict Transport Security (HSTS)
  
• Restrict access to your app by client’s IP address
  
• Restrict access to your app by client’s behavior – request frequency and concurrency
  
• Scan your web app code for vulnerabilities using Tinfoil Security Scanning
  
• Configure TLS mutual authentication to require client certificates to connect to your web app
  
• Configure a client certificate for use from your app to securely connect to external resources
  
• Remove standard server headers to avoid tools from fingerprinting your app
  
• Securely connect your app with resources in a private network using Point-To-Site VPN
  
• Securely connect your app with resources in a private network using Hybrid Connections
  
• Achieve security isolation for your apps using App Service Environments (ASE)
  
  • Configure a Web Application Firewall (WAF) in front of your ASE
    
  • Configure access control for inbound network traffic for your ASE
    
  • Securely connect to backend resources from your ASE
    

Namoskar!!!