![Page 1: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/1.jpg)
August 21, 2019
Application Gateway
Log Analytics
Web App
![Page 3: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/3.jpg)
![Page 4: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/4.jpg)
![Page 5: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/5.jpg)
Open Web Application Security Project
OWASP ModSecurity Core Rule Set (CRS)
![Page 6: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/6.jpg)
OWASP Top 10 Most Critical Web Application Security Risks
A1:2017-Injection
A2:2017-Broken Authentication
A3:2017-Sensitive Data Exposure
A4:2017-XML External Entities (XXE)
A5:2017-Broken Access Control
A6:2017-Security Misconfiguration
A7:2017-Cross-Site Scripting (XSS)
A8:2017-Insecure Deserialization
A9:2017-Using Components with Known Vulnerabilities
A10:2017-Insufficient Logging&Monitoring
![Page 7: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/7.jpg)
*
https://www.zaproxy.org/
https://github.com/zaproxy/zap-hud
![Page 8: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/8.jpg)
Case ManagementAnalytics - Alerts
AzureSentinel
![Page 9: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/9.jpg)
Azure Application Gateway
▪ An application delivery controller
▪ layer 7 load balancing/routing capabilities
▪ web application firewall.
![Page 11: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/11.jpg)
https://docs.microsoft.com/en-us/azure/azure-monitor/azure-monitor-rebrand#log-analytics-redefinition
![Page 12: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/12.jpg)
![Page 13: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/13.jpg)
![Page 14: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/14.jpg)
![Page 15: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/15.jpg)
• Configuration
• Penetration Test
• Monitoring with Log Analytics
• Alert
• Security Center, Azure Sentinel
* see appendix slides for demo screenshots
![Page 16: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/16.jpg)
![Page 18: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/18.jpg)
![Page 19: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/19.jpg)
![Page 20: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/20.jpg)
![Page 21: August 21, 2019 - OWASP · 2019-08-26 · Exam 346: Managing Office 365 Identities... Microsoft Microsoft@ MVP , Most Valuable Professional . Application Gateway Frontend IP Config](https://reader033.vdocuments.mx/reader033/viewer/2022041703/5e42f5ff9e318c52665e807e/html5/thumbnails/21.jpg)