Share via

What kind of security is needed for web services?

Richest Soft 1 Reputation point
2021-09-06T07:50:59.95+00:00

Recently, I plan to create a website and for that, I need suggestions about how to make the website secure? And for that what kind of security a website required.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,757 questions
Azure Static Web Apps
Azure Static Web Apps
An Azure service that provides streamlined full-stack web app development.
926 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Takahito Iwasa 4,851 Reputation points MVP
    2021-09-06T15:10:58.66+00:00

    Hi.

    I think there are things that are done in the application layer and things that are done in the infrastructure layer.

    As long as you use App Service and Static Web Apps, you don't have to worry about OS security software.
    However, if your system involves file uploads, you may need to scan check the uploaded files.

    Typical external attacks include SQL injection, XSS, and DDos attacks. Azure WAF may work.

    0 comments
  2. ajkuma 26,131 Reputation points Microsoft Employee
    2021-09-06T19:32:14.16+00:00

    @Richest Soft , Just adding to TakahitoIwasa suggestions with some Azure docs.

    General recommendations are to use the latest versions of supported platforms, programming languages, protocols, and frameworks. Cover the aspects including Identity and access management, Data protection, networking, and monitoring.

    The platform components of App Service, including Azure VMs, storage, network connections, web frameworks, management and integration features, are actively secured and hardened. App Service goes through vigorous compliance checks on a continuous basis to make sure that.
    Security in Azure App Service

    Security recommendations for App Service
    -This article contains security recommendations for Azure App Service. Implementing these recommendations will help you fulfill your security obligations as described in our shared responsibility model and will improve the overall security for your Web App solutions.
    For more information on what Microsoft does to fulfill service provider responsibilities, read Azure infrastructure security (As TakahitoIwasa pointed out).

    The Azure Security Baseline for App Service contains recommendations that will help you improve the security posture of your deployment. The baseline for this service is drawn from the Azure Security Benchmark version 1.0, which provides recommendations on how you can secure your cloud solutions on Azure with our best practices guidance. The content is grouped by the security controls defined by the Azure Security Benchmark and the related guidance applicable to App Service.
    Azure security baseline for App Service

    -Since you have posted the question on azure-webapps and azure-static-web-apps -We assume you’re looking for security features on these two Azure services.
    Best practices for securing PaaS web and mobile applications using Azure App Service

    In this article, we discuss a collection of Azure App Service security best practices for securing your PaaS web and mobile applications.
    These best practices are derived from our experience with Azure and the experiences of customers like yourself.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.