On the 15th of September, 2025, Sonar finally released the long-awaited Software Composition Analysis (SCA) to SonarQube Advanced Security for SonarQube Cloud! Software Composition Analysis (SCA) is an (ideally automated) process that analyzes a codebase to identify the open-source components embedded in it. The identified dependencies form the basis for the following features that SCA tools...
[HOWTO] Enable and configure Defender for Storage at the storage account level by using Terraform
I aimed to enable Defender for Storage on a dedicated storage account using Terraform, updating the existing configuration. Although the Terraform apply succeeded, the feature was not enabled. After research, I resolved the issue by adjusting user roles, allowing a subsequent Terraform apply to produce the desired outcome.
[HOWTO] Set Minimum TLS Cipher Suite of Azure App Service using Terraform
An application’s pentest revealed weak SSL/TLS cipher suites in Azure App Services. To enhance security, non-forward-secrecy cipher suites must be disabled. Utilizing Terraform and the azapi provider, a workaround was implemented to configure the Minimum TLS Cipher Suite, enforcing modern cryptographic standards.
[HOWTO] Rotate Azure Key Vault secrets used by an ASP.NET Core Web API with Terraform on every deployment
The blog post details the process of rotating secrets stored in Azure Key Vault with each application deployment, using Infrastructure as Code (IaC) principles via Terraform. It emphasizes the importance of secret rotation to limit the window in which a leaked secret remains usable. An ASP.NET Core Web API serves as the example application, with a GitHub Actions workflow handling deployment.
[HOWTO] Create Azure DevOps Service Connections with authentication method Workload Identity Federation using Terraform
Since fall 2023, Workload Identity Federation for Azure service connections has been available, allowing authentication to Azure with short-lived tokens and no stored secret. This post explains its benefits and its limitations, and provides an example of creating service connections using Terraform.
[HOWTO] Implement Azure Functions middleware for authentication purposes
The article discusses how the author implemented middleware to verify payload signatures for webhook calls from Enode, an energy device connection and management platform, using the .NET Azure Functions isolated worker model. The author created a middleware that validates the Enode signature and an Azure Function that consumes the webhook, returning an unauthorized status code if the signature is invalid. The author also noted limitations with .NET integration testing for isolated model .NET Azure Functions.
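The check that such a middleware performs, written out as an added Python illustration (it is not the author's .NET middleware and does not reproduce Enode's documented signature format): the header name `X-Signature`, the `t=<unix seconds>,v1=<hex HMAC-SHA256>` layout, the message layout `<timestamp>.<raw body>`, the replay tolerance and the secret are all assumptions for this example. The points it demonstrates are the ones that matter in any such middleware: verify the MAC over the raw bytes before parsing the payload, compare in constant time, and reject stale timestamps.

```python
"""Illustrative webhook signature verification (assumed scheme, see lead-in)."""
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

SIGNATURE_HEADER = "X-Signature"   # assumed header name
TOLERANCE_SECONDS = 300            # assumed replay window


def compute_signature(secret: bytes, timestamp: int, body: bytes) -> str:
    """HMAC-SHA256 over '<timestamp>.<raw body>' (assumed message layout)."""
    message = str(timestamp).encode("ascii") + b"." + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def parse_signature_header(value: str) -> Optional[Tuple[int, str]]:
    """Parse 't=<seconds>,v1=<hex>'; return None on any malformed input."""
    fields = {}
    for part in value.split(","):
        key, sep, val = part.partition("=")
        if sep:
            fields[key.strip()] = val.strip()
    ts_raw, sig = fields.get("t"), fields.get("v1")
    if ts_raw is None or sig is None or not ts_raw.isdigit():
        return None
    return int(ts_raw), sig


def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    # HTTP header names are case-insensitive; normalise before lookup.
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def verify_signature(secret: bytes, headers: Dict[str, str], body: bytes,
                     now: Optional[int] = None) -> bool:
    """True only for a fresh, untampered request; False for every failure mode."""
    raw = _header(headers, SIGNATURE_HEADER)
    if raw is None:
        return False
    parsed = parse_signature_header(raw)
    if parsed is None:
        return False
    timestamp, provided = parsed
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > TOLERANCE_SECONDS:   # stale or future-dated: replay
        return False
    expected = compute_signature(secret, timestamp, body)
    # Constant-time comparison; encode() so non-ASCII junk cannot raise TypeError.
    return hmac.compare_digest(expected.encode("utf-8"), provided.encode("utf-8"))


def handle_webhook(secret: bytes, headers: Dict[str, str], body: bytes,
                   now: Optional[int] = None) -> int:
    """Middleware-style flow: authenticate the raw body first, parse it second."""
    if not verify_signature(secret, headers, body, now):
        return 401
    try:
        json.loads(body)          # only now is the payload trusted enough to parse
    except ValueError:
        return 400
    return 200


# Constructed sample data for a stand-alone run (not real Enode traffic).
SECRET = b"constructed-example-secret"
BODY = b'{"event":"example","id":"123"}'
TS = 1_700_000_000
GOOD_HEADERS = {SIGNATURE_HEADER: f"t={TS},v1={compute_signature(SECRET, TS, BODY)}"}

if __name__ == "__main__":
    print("valid   ->", handle_webhook(SECRET, GOOD_HEADERS, BODY, now=TS))
    print("tampered->", handle_webhook(SECRET, GOOD_HEADERS, BODY + b" ", now=TS))
    print("stale   ->", handle_webhook(SECRET, GOOD_HEADERS, BODY, now=TS + 3600))
    print("missing ->", handle_webhook(SECRET, {}, BODY, now=TS))
```

Passing `now` explicitly keeps the freshness check deterministic in tests; in production it is left as `None` so the wall clock is used.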
[HOWTO] Integrate SonarCloud analysis in an Azure DevOps YAML pipeline
This post is about the integration of SonarCloud analysis in Azure DevOps YAML pipelines, starting from a basic scenario that analyzes a repository containing a .NET 7 solution and ending with a more complex scenario that analyzes a repository additionally containing a React application and Terraform files.
[NoBrainer] Avoid detailed JSON deserialization error messages in Web API responses
In a penetration test report, a finding criticized the disclosure of detailed error messages that reveal the technology used for the implementation. Concretely, the finding concerned error messages returned in responses from a .NET Core Web API to requests with an incorrect body. Due to the incorrect...
