Azure Resource Graph Queries by Resource Type

The Azure Resource Graph provides the ability query and explore your azure resources at scale. That is across all your subscriptions. I will show options to find the resource type that is be used in your resource graph query. You may ask how to query for storage account resource types and need to find the …

Continue reading Azure Resource Graph Queries by Resource Type

My Azure Resource Graph Queries using Aggregation

Azure Resource Graph supports querying resources across multiple subscriptions and is fast. The key value add is that it supports aggregation using the summarize operator. For example answering questions such as How many resources grouped by subscription or location? How many of each OS type are used in resource groups? What is the most used …

Continue reading My Azure Resource Graph Queries using Aggregation

My Practical Intro to Azure Resource Graph

The Azure Resource Graph is attractive to me for its ability to query Azure resources at scale. I find this relevant in situations where you are managing a large number of subscriptions, resource groups and resources. And you are in situations to analyze and report on them. Without Azure Resource Graph, I would use Azure …

Continue reading My Practical Intro to Azure Resource Graph

Renewing the Azure App Service SSL Certificate in an Application Gateway HTTP Listener

Scenario: The SSL certificate used in my Azure Application Gateway has expired and needs to be replaced. This SSL certificate was bought through the Azure Portal. Background: The certificate was provisioned through the App Service Certificate service in Azure. The certificate is store in my Azure Key Vault. The App Gateway is used as an …

Continue reading Renewing the Azure App Service SSL Certificate in an Application Gateway HTTP Listener

Penetration Testing Your Web App with Azure Application Gateway WAF Part 3: Log Analytics

Continuing from the previous post Penetration Testing Your Web App with Azure Application Gateway WAF Part 2: OWASP ZAP Tool, I will show how to query the WAF logs using Azure Log Analytics as it provides near real-time monitoring. To get a more comprehensive implementation of Log Analytics you can read my other blog series …

Continue reading Penetration Testing Your Web App with Azure Application Gateway WAF Part 3: Log Analytics

Penetration Testing Your Web App with Azure Application Gateway WAF Part 2: OWASP ZAP Tool

Continuing from my last post Penetration Testing Your Web App with Azure Application Gateway WAF Part 1: Intro, I will demonstrate a very simple penetration test. Thanks to Tanya Janca (@shehackspurple), an OWASP specialist, who suggested I try out the OWASP ZAP tool. “The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free …

Continue reading Penetration Testing Your Web App with Azure Application Gateway WAF Part 2: OWASP ZAP Tool

Penetration Testing Your Web App with Azure Application Gateway WAF Part 1: Intro

In setting up an application with appliances that provide protections from cyber threats, it is always necessary to have penetration testing and monitoring throughout the solution's lifecycle management. I will demonstrate the following scenario: Protect your web app using Azure Application Gateway’s Web Application Firewall features. Enable and configure the WAF The web app is …

Continue reading Penetration Testing Your Web App with Azure Application Gateway WAF Part 1: Intro