Abusing Azure Managed Identity tokens is surprisingly easy when your environment isn’t configured correctly. But what does ‘correct configuration’ entail? What risks are you exposed to, and what can these tokens achieve? Most importantly, how can you safeguard your data against such threats? Please find all the answers in my comprehensive article! Abusing Azure Managed Identity tokens – generation Utilizing Azure Managed Identity offers significant advantages: no need for managing […]
Api Management / App Service / Azure / Azure pipelines / Terraform
Posted on:
Expert Summit 2023 – REST API with private API Management Access
I had the pleasure of delivering a presentation at the Expert Summit 2023 on a network-isolated REST API, made accessible through API Management. For those interested in the source code from the live coding session, it is available for you to explore. Have fun! Below, you can view the architecture that was developed during the live session: The recording of the session can be found here! I truly hope you […]
Api Management / App Service / Azure DevOps / Azure pipelines / SQL
Posted on:
Deploy Azure App Service integrated with Azure SQL and APIM
In this article, I’ll demonstrate how to deploy the .NET 7.0 Rest API with Managed Identity and integrate it with Azure SQL. As a result, you can access Azure SQL without requiring a password in your application. Cool setup, in your perception? This is the next episode of the Network Series. Just to recap, in the Network series, I demonstrate how to expose Rest APIs using Azure API Management. Private […]
Api Management / App Service / Container Apps / Container Instances / Functions / KeyVault / SQL / Terraform
Posted on:
Rest API with Private Endpoint, exposed to API Management by Terraform
Welcome to the Networking Series in Azure! Do you want to learn how to create a secure Rest API that is using a Private Endpoint for Azure SQL, KeyVault, Storage Account, and Container Registry exposed using API Management, managed by Terraform and Azure DevOps? If the answer is yes, this article is for you! As always in my blog, if you need only sources and know what you are doing, […]