Application Security on Microsoft Azure



Authors: Sahil Malik, John Savill, Reza Salehi, Troy Hunt, Peter Mosmans

Security has become “everyone’s responsibility” and as a developer you are responsible for creating secure applications in the cloud. This path will introduce you to the ways in...

What you will learn

  • How to implement authentication
  • How to implement access control
  • How to secure your application data
  • How to write code that meets OWASP standards


This path is intended for beginners; no prerequisites are required.


The courses in this section will teach you the fundamentals of implementing authentication, including writing integration code for Azure Active Directory, tokens and certificates, and multi-factor authentication. These topics are the perfect foundation for you to move to the intermediate level.

Microsoft Azure Authentication Scenarios for Developers

by Sahil Malik

Oct 9, 2020 / 2h 56m


The importance of Azure AD in Azure authentication scenarios cannot be overstated. In this course, Microsoft Azure Authentication Scenarios for Developers, you will learn basic application scenarios, as well as MFA, B2C, certificate-based authentication, and SQL Server authentication. First, you will explore Azure Active Directory and learn how to perform forms-based authentication. Next, you will learn about business-to-consumer authentication and Azure Active Directory authentication for a SQL database. Finally, you will discover how to set up multi-factor authentication using Azure Active Directory, as well as how to set up certificate-based authentication. When you are finished with this course, you will have a good understanding of the various authentication scenarios Azure supports, and you will feel confident in making the right architectural choices for your applications.

Table of contents
  1. Course Overview
  2. Azure Authentication and Azure Active Directory
  3. Performing Forms-based Authentication with Azure Active Directory
  4. Azure Active Directory Business to Consumer Authentication
  5. Azure Active Directory Authentication for SQL Database
  6. Multi-factor Authentication Using Azure Active Directory
  7. Azure Active Directory Certificate-based Authentication


These intermediate courses will show you how to implement access control on Microsoft Azure, including RBAC and CBAC authorization. Once you fully comprehend the topics in this area, you’ll be ready to move on to the advanced courses.

Managing Microsoft Azure Active Directory

by John Savill

Feb 10, 2020 / 2h 58m


At the core of identity in the cloud utilizing Microsoft technologies is a thorough knowledge of Azure AD. In this course, Managing Microsoft Azure Active Directory, you’ll learn how to manage your organization's Azure AD deployment. First, you’ll learn the fundamentals of users and groups. Next, you’ll explore key capabilities to secure and enable end-user productivity, such as conditional access and privileged identity management. Finally, you’ll discover how to utilize Azure AD with modern desktop environments and legacy applications using Azure AD Join and Azure AD Domain Services. When you’re finished with this course, you’ll have the skills and knowledge of Azure AD needed to manage your environment.

Table of contents
  1. Course Overview
  2. User and Group Management Using the Azure Portal
  3. PowerShell Management and Utilizing Azure AD Logs
  4. Using Role-Based Access Control and Conditional Access
  5. Azure AD Privileged Identity Management
  6. Leveraging Azure AD Join and Azure AD Domain Services


In this section, you’ll get the opportunity to explore how to secure your data, how to meet OWASP standards, and how to make sure you are producing secure code that can hold up to threats.

Microsoft Azure Developer: Securing Data

by Reza Salehi

Jul 14, 2020 / 3h 16m


At the core of developing applications for Microsoft Azure is a thorough knowledge of securing data. In this course, Microsoft Azure Developer: Securing Data, you’ll learn how to protect your application configuration and data from unauthorized access. First, you’ll learn how to secure your application configuration settings such as database connection strings using Azure Key Vault and Managed Service Identity (MSI). Next, you’ll explore Azure Storage Service encryption for data at rest (SSE), Azure Disk Encryption (ADE) and Azure SQL Database Always Encrypted, to protect data against disk theft, or to comply with security standards. Finally, you’ll discover how to secure client-server communications using SSL/TLS encryption. When you’re finished with this course, you’ll have the necessary knowledge of securing data to help you in leveraging Microsoft Azure's out-of-the-box offerings to develop more secure applications.

Table of contents
  1. Course Overview
  2. Getting Started
  3. Protecting Application Keys and Secrets with Azure Key Vault and MSI
  4. Encrypting and Decrypting Data at Rest
  5. Encrypting Data with Always Encrypted
  6. Implementing SSL/TLS Communications
  7. Securing Data While in Use with Azure Confidential Compute

Hack Yourself First: How to go on the Cyber-Offense

by Troy Hunt

Aug 30, 2013 / 9h 25m


The prevalence of online attacks against websites has accelerated quickly in recent years and the same risks continue to be readily exploited. However, these are very often easily identified directly within the browser; it's just a matter of understanding the vulnerable patterns to look for.

This course, Hack Yourself First: How to go on the Cyber-Offense, comes at security from the view of the attacker in that their entry point is typically the browser. They have a website they want to probe for security risks and this is how they go about it.

This approach is more reflective of the real online threat than reviewing source code is and it empowers developers to begin immediately assessing their applications even when they're running in a live environment without access to the source. After all, that's what online attackers are doing.

Table of contents
  1. Introduction
  2. Transport Layer Protection
  3. Cross Site Scripting (XSS)
  4. Cookies
  5. Internal Implementation Disclosure
  6. Parameter Tampering
  7. SQL Injection
  8. Cross Site Attacks
  9. Account Management

Web Security and the OWASP Top 10: The Big Picture

by Troy Hunt

Mar 18, 2014 / 2h 3m


Security on the web is becoming an increasingly important topic for organisations to grasp. Recent years have seen the emergence of the hacktivist movement, the increasing sophistication of online career criminals and now the very real threat posed by nation states compromising personal and corporate security.

The Open Web Application Security Project gives us the OWASP Top 10 to help guide the secure development of online applications and defend against these threats.

This course takes you through a very well-structured, evidence-based prioritization of risks and, most importantly, how organizations building software for the web can protect against them.

Table of contents
  1. Introduction
  2. Injection
  3. Broken Authentication and Session Management
  4. Cross-Site Scripting (XSS)
  5. Insecure Direct Object References
  6. Security Misconfiguration
  7. Sensitive Data Exposure
  8. Missing Function Level Access Control
  9. Cross-Site Request Forgery (CSRF)
  10. Using Components with Known Vulnerabilities
  11. Unvalidated Redirects and Forwards

Secure Coding: Preventing Insecure Deserialization

by Peter Mosmans

Mar 21, 2018 / 1h 2m


As a developer, it is important to be familiar with common vulnerabilities that are often encountered in web applications. Insecure deserialization is one of those vulnerabilities, ranking 8th in the OWASP Top 10 2017. In this course, Secure Coding: Preventing Insecure Deserialization, you will learn how to properly defend yourself against that particular vulnerability. First, you will learn about the basics of serialization and deserialization, and about the various serialization file formats. Next, you will discover what insecure deserialization actually is, and how it can be exploited: in order to fix the problem, you need to know what can go wrong. Finally, you will explore how to properly prevent insecure deserialization in any development language or framework. By the end of this course, you will have the secure coding skills and knowledge needed to prevent insecure deserialization vulnerabilities from creeping into your application.

Table of contents
  1. Course Overview
  2. What Is Serialization and Deserialization?
  3. Deserialization: How It Can Be Exploited
  4. Insecure Patterns for Deserialization
  5. How to Securely Implement Deserialization

Secure Coding: Preventing Insufficient Logging and Monitoring

by Peter Mosmans

Jul 25, 2018 / 1h 23m


It is extremely important for the security of your company to know what's currently happening to your application. This can be achieved by proper application logging and monitoring. In this course, Secure Coding: Preventing Insufficient Logging & Monitoring, you will learn what to think of when setting up logging and monitoring for applications. First, you will learn what is meant by the risk of insufficient logging and monitoring. Next, you'll explore what your application should and shouldn't log. Finally, you'll discover how to ensure and improve the quality of log files. When you're finished with this course, you'll have all the application logging and monitoring skills and knowledge needed to detect (future) security incidents on time.

Table of contents
  1. Course Overview
  2. Understanding Insufficient Logging and Monitoring
  3. Determining What Applications Should and Should Not Log
  4. Improving and Ensuring the Quality of Logfiles
  5. Applying an Effective Monitoring Strategy

Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities

by Peter Mosmans

Dec 18, 2018 / 59m



The OWASP Top 10 2017 contains a new entry: XML External Entities (XXE). As not many people know what this vulnerability is, it can be difficult to protect against. In this course, Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities, you will learn what this vulnerability is, how it ended up in the latest OWASP Top 10, how you can identify it in your code, and how to protect against it. First, you will discover the impact of a successful XML External Entity attack. Next, you will explore how to identify risky parts in your code base. Finally, you will learn how to mitigate these vulnerabilities. By the end of this course, you will be familiar with the risk that XML External Entities pose.

Table of contents
  1. Course Overview
  2. Understanding the Dangers of XML External Entities (XXE)
  3. Understanding XML External Entities (XXE) Injection and Expansion
  4. Identifying Vulnerable Parts Within Existing Code
  5. Mitigating XML External Entity (XXE) Vulnerabilities