Infrastructure security overview
Infrastructure and development are broad technical areas. Each has numerous distinct conceptual layers and components that integrate together. The provided best practices also take into account the complex relationship between infrastructure and development.
Application development and infrastructure security
Application development security relies on infrastructure security. If an application's underlying infrastructure (such as virtual machines) is compromised, attackers who gain control of the infrastructure can almost always gain control of the application and its data as well. Applications and build processes that host CI/CD, and so on. are often hosted on infrastructure operated by an organization (or a SaaS application managed through infrastructure admin personnel and accounts).
As with all technology disciplines, take a "continuous improvement" approach. Start out with quick wins and continue with incremental progress toward a "north star"—a specified end state across your security strategy, architecture, implementation, and operations.
Next steps
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for