In this course, we will explore the attack and defense aspects of various vulnerabilities, including Template Injection and Yaml Deserialization on Azure Functions. Additionally, we will delve into run-time event-based attacks like YAML Deserialization and XXE on Azure Functions.
Finally, we will analyze defense strategies such as the importance of logging system and application logs in log analytics and syslog for effective incident management. Furthermore, we will examine how Private Links and Private Endpoints can aid in secure communication.
Azure Security Functions
Azure Template Injection - Attack
Azure Template Injection - Defense
Azure YAML Deserialization - Attack
Azure YAML Deserialization - Defense
Azure XXE Blob Trigger
Azure YAML Deserialization - Blob Trigger
Azure Private Link with Private End Point
Azure Sentinal Syslog