The previous blog post part 4, I have shown how to create Analytics rules that alert for SQL Injection attacks. I will show the incidents that are generated from this rule to do further investigation. Your organization may have a cyber security team that will monitor, analyze and investigate incidents to evaluate threats. Incidents investigation …
Tag: OWASP
Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 3 Monitoring
Continuing from blog post Part 2. Azure Sentinel Workbooks provides custom dashboard to see the data in the form of visualizations and tables. These data presentations are based on queries to the log analytics workspace. You can create a workbook from scratch or leverage built-in workbooks by starting from templates. For the Web Application Firewall …
Using Azure Sentinel with Azure App Gateway to Investigate Web Attacks – Part 2 Setup
Continuing from the previous post Part 1, Let's setup Azure Sentinel with a Log Analytics Workspace. To setup Azure Sentinel, you need to add a log analytics workspace. In my case, I have an existing log analytics workspace, called rkimOMS, that is already configured to collect diagnostic data from an existing application gateway. Data Connectors …
Penetration Testing Your Web App with Azure Application Gateway WAF Part 3: Log Analytics
Continuing from the previous post Penetration Testing Your Web App with Azure Application Gateway WAF Part 2: OWASP ZAP Tool, I will show how to query the WAF logs using Azure Log Analytics as it provides near real-time monitoring. To get a more comprehensive implementation of Log Analytics you can read my other blog series …
Penetration Testing Your Web App with Azure Application Gateway WAF Part 2: OWASP ZAP Tool
Continuing from my last post Penetration Testing Your Web App with Azure Application Gateway WAF Part 1: Intro, I will demonstrate a very simple penetration test. Thanks to Tanya Janca (@shehackspurple), an OWASP specialist, who suggested I try out the OWASP ZAP tool. “The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free …
Penetration Testing Your Web App with Azure Application Gateway WAF Part 1: Intro
In setting up an application with appliances that provide protections from cyber threats, it is always necessary to have penetration testing and monitoring throughout the solution's lifecycle management. I will demonstrate the following scenario: Protect your web app using Azure Application Gateway’s Web Application Firewall features. Enable and configure the WAF The web app is …
Continue reading Penetration Testing Your Web App with Azure Application Gateway WAF Part 1: Intro
Roy Kim on Azure and Microsoft 365 