How to get the Secret from an Output of an Azure Key Vault ARM Template Deployment to the Main ARM Template

The Scenario I have a set of ARM templates that deploys an azure app service solution with Azure Key Vault and a secret value. The main template is calling out via the linked template resource reference to the Key Vault resource template. ... snippet ... }, "resources": [ { "apiVersion": "2018-05-01", "name": "linkedTemplate-keyvault", "type": "Microsoft.Resources/deployments", …

Continue reading How to get the Secret from an Output of an Azure Key Vault ARM Template Deployment to the Main ARM Template

Issue Resolution: App Gateway returning ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY in Chrome

Background: I have an Azure App Gateway with the Web Application Firewall that is fronting an Azure App Service for http traffic. Issue: Visiting the public URL of my web app in IE works fine, but in Chrome, I get an error ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY What is the general cause? According to this article, "By default, IIS …

Continue reading Issue Resolution: App Gateway returning ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY in Chrome

Renewing the Azure App Service SSL Certificate in an Application Gateway HTTP Listener

Scenario: The SSL certificate used in my Azure Application Gateway has expired and needs to be replaced. This SSL certificate was bought through the Azure Portal. Background: The certificate was provisioned through the App Service Certificate service in Azure. The certificate is store in my Azure Key Vault. The App Gateway is used as an …

Continue reading Renewing the Azure App Service SSL Certificate in an Application Gateway HTTP Listener

Penetration Testing Your Web App with Azure Application Gateway WAF Part 2: OWASP ZAP Tool

Continuing from my last post Penetration Testing Your Web App with Azure Application Gateway WAF Part 1: Intro, I will demonstrate a very simple penetration test. Thanks to Tanya Janca (@shehackspurple), an OWASP specialist, who suggested I try out the OWASP ZAP tool. “The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free …

Continue reading Penetration Testing Your Web App with Azure Application Gateway WAF Part 2: OWASP ZAP Tool

Penetration Testing Your Web App with Azure Application Gateway WAF Part 1: Intro

In setting up an application with appliances that provide protections from cyber threats, it is always necessary to have penetration testing and monitoring throughout the solution's lifecycle management. I will demonstrate the following scenario: Protect your web app using Azure Application Gateway’s Web Application Firewall features. Enable and configure the WAF The web app is …

Continue reading Penetration Testing Your Web App with Azure Application Gateway WAF Part 1: Intro