So which security threats are mitigated by the Windows Azure environment and which security threats must be mitigated by the developer?
The paper, Security Best Practices for Developing Windows Azure Applications, describes what you should consider as key threats to an application running on Windows Azure. It shows specifically which threats Azure mitigates for you, which you mitigate by calling APIs, and which you need to handle yourself. (It does not address regulatory compliance issues.)
I’ll take a selection of the threats and what you should do, and provide a reference for where you can learn more about how to implement the mitigations in your code. This list comes from Windows Azure Security Overview. But the results will come for you.
This is not an exhaustive list. And as you can tell from the previous parts in this series, you tailor your security practices based on your own application needs.
Tampering/disclosure of credentials or other sensitive application data. Use Windows Identity Foundation and HTTPS mutual authentication for SSL connections.
Audit log collection, storage and analysis. Use monitoring and diagnostic APIs as needed; transfer logs to private blob/table storage in Windows Azure Storage over HTTPS. See:
Disclosure of arbitrary secrets in blob/table/queue storage. Pre-encrypt secret data prior to uploading. Do not store decryption keys in Windows Azure Storage.
Disclosure of Shared Access Signatures. Use HTTPS to securely transfer Shared Access Signatures to intended recipients and set appropriate permissions on containers. See Managing Access to Blobs and Containers for how to use Shared Access Signatures.
Request flooding at the customer code/app level. Implement application-level request throttling if necessary. See Autoscaling and Windows Azure.
Misconfiguration of Service/Application settings. Scope all cookies and the document.domain property to the service subdomain (e.g. http://contoso.cloudapp.net) and NOT to *.cloudapp.net.
Cross-site Request Forgery Attacks against the web role. Use ASP.NET defenses. See Take Advantage of ASP.NET Built-in Features to Fend Off Web Attacks.
Cross-site Scripting Attacks against the web role. Use the Anti-XSS Library.
API fuzzing attacks on interfaces exposed by the web role. Fuzz all interfaces and endpoints unique to code exposed to the web (or any other services).
Apply security-testing tools including fuzzing tools. "Fuzzing" supplies structured but invalid inputs to software application programming interfaces (APIs) and network interfaces so as to maximize the likelihood of detecting errors that may lead to software vulnerabilities.
File Fuzzing attacks against custom, application-provided file parsers. Fuzz test all proprietary network protocol or file format parsers.
Patching of security vulnerabilities at the Web Role/customer code level. Have a security response and updating plan in place.
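The cookie-scoping item in the list above can be checked mechanically against a service's responses. The following Python sketch is an added example, not code from the original post or from Microsoft; the function names and the sample Set-Cookie headers are constructed for illustration, and contoso.cloudapp.net is the example host used in the list.

```python
# Added example: audit Set-Cookie headers for Domain scope.
# All names and sample data below are constructed for illustration.


def cookie_domain(set_cookie):
    """Return the effective Domain attribute of one Set-Cookie value, or None.

    Follows RFC 6265: an empty Domain value is ignored, one leading dot
    is dropped, and the last Domain attribute wins.
    """
    domain = None
    for attr in set_cookie.split(";")[1:]:
        name, _, value = attr.strip().partition("=")
        value = value.strip()
        if name.strip().lower() == "domain" and value:
            domain = (value[1:] if value.startswith(".") else value).lower()
    return domain


def audit_cookie(service_host, set_cookie):
    """Classify one cookie as (name, verdict, reason) for the given host."""
    host = service_host.lower().rstrip(".")
    name = set_cookie.split("=", 1)[0].strip()
    domain = cookie_domain(set_cookie)
    if domain is None:
        return (name, "ok", "host-only cookie")
    if domain == host:
        return (name, "ok", "scoped to the service subdomain")
    if host.endswith("." + domain):
        # e.g. Domain=.cloudapp.net: sent to every service under that parent
        return (name, "fail", "scoped to parent domain " + domain)
    return (name, "warn", "Domain does not match host; browsers ignore it")


def audit_response(service_host, set_cookie_headers):
    """Audit every Set-Cookie header value from one response."""
    return [audit_cookie(service_host, h) for h in set_cookie_headers]


# Constructed sample response headers for the page's example host.
SAMPLE_HOST = "contoso.cloudapp.net"
SAMPLE_HEADERS = [
    "ASP.NET_SessionId=abc123; path=/; HttpOnly",
    "auth=xyz; Domain=.cloudapp.net; Path=/; Secure",
    "prefs=dark; Domain=contoso.cloudapp.net; Path=/",
]

if __name__ == "__main__":
    for name, verdict, reason in audit_response(SAMPLE_HOST, SAMPLE_HEADERS):
        print(f"{verdict:4} {name}: {reason}")
```

Only the second sample cookie fails, because its Domain attribute makes it visible to every other service hosted under cloudapp.net.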
You can get tools to assist in your fuzz testing from The Microsoft Security Development Lifecycle (SDL) site. SDL includes tools and processes that you can use freely. For example, you can use:
I added this section about SQL Azure because the platform offers some additional ways to mitigate the threats that you should know.
SQL Azure Security Administration. Security administration in SQL Azure Database is similar to security administration for an on-premise instance of SQL Server. Managing security at the database-level is almost identical, with differences only in the parameters available. Because SQL Azure databases can scale to one or more physical computers, SQL Azure Database uses a different strategy for server-level administration.
SQL Azure Firewall. You can lock down your database to provide access to only those users or computers who are authorized. To help protect your data, the SQL Azure firewall prevents all access to your SQL Azure server until you specify which computers have permission. The firewall grants access based on the originating IP address of each request.
The Trustworthy Computing Security Development Lifecycle
Windows Azure Security Overview
The Microsoft Security Development Lifecycle (SDL)
Windows Azure Security Best Practices – Part 5: Claims-Based Identity, Single Sign On. User identification represents the keys to accessing data and business processes in your application. In this section, I describe how you can separate user identity and the roles of your user out of your application and make it easier to create single sign on applications.
Here are links to the articles in this series:
Bruce D. Kyle ISV Architect Evangelist | Microsoft Corporation