Contents Secure Development Documentation Concepts Best practices Overview Design secure apps Develop secure apps Deploy secure apps Resources Microsoft Security Code Analysis Overview Onboarding and installation Configuration FAQs YAML Configuration Releases and roadmap Microsoft Threat Modeling tool Getting started Feature overview Threats Releases Threat Modeling Tool GA release 7.1.5091.2 - September 12 2018 Threat Modeling Tool update release 7.1.51023.1 - November 1 2018 Threat Modeling Tool update release 7.1.60126.1 - January 29 2019 Threat Modeling Tool update release 7.1.60408.1 - April 9 2019 Threat Modeling Tool update release 7.1.60702.1 - July 2 2019 Threat Modeling Tool update release 7.1.61015.1 - October 16 2019 Threat Modeling Tool update release 7.3.00206.1 - February 11 2020 Threat Modeling Tool update release 7.3.00316.1 - March 22 2020 Threat Modeling Tool update release 7.3.00714.2 - July 14 2020 h t i g b u c . 5 m o Threat Modeling Tool update release 7.3.00729.1 - July 29 2020 Mitigations Auditing and logging Authentication Authorization Communication security Configuration management Cryptography Exception management Input validation Sensitive data Session management h t i g b u c . 5 m o h t i g b u c . 5 m o Secure development best practices on Azure 5/20/2022 • 4 minutes to read • Edit Online This series of articles presents security activities and controls to consider when you develop applications for the cloud. The phases of the Microsoft Security Development Lifecycle (SDL) and security questions and concepts to consider during each phase of the lifecycle are covered. The goal is to help you define activities and Azure services that you can use in each phase of the lifecycle to design, develop, and deploy a more secure application. The recommendations in the articles come from our experience with Azure security and from the experiences of our customers. You can use these articles as a reference for what you should consider during a specific phase of your development project, but we suggest that you also read through all of the articles from beginning to end at least once. Reading all articles introduces you to concepts that you might have missed in earlier phases of your project. Implementing these concepts before you release your product can help you build secure software, address security compliance requirements, and reduce development costs. m o These articles are intended to be a resource for software designers, developers, and testers at all levels who build and deploy secure Azure applications. c . 5 Overview Security is one of the most important aspects of any application, and it’s not a simple thing to get right. Fortunately, Azure provides many services that can help you secure your application in the cloud. These articles address activities and Azure services you can implement at each stage of your software development lifecycle to help you develop more secure code and deploy a more secure application in the cloud. h t i g Security development lifecycle b u Following best practices for secure software development requires integrating security into each phase of the software development lifecycle, from requirement analysis to maintenance, regardless of the project methodology (waterfall, agile, or DevOps). In the wake of high-profile data breaches and the exploitation of operational security flaws, more developers are understanding that security needs to be addressed throughout the development process. The later you fix a problem in your development lifecycle, the more that fix will cost you. Security issues are no exception. If you disregard security issues in the early phases of your software development, each phase that follows might inherit the vulnerabilities of the preceding phase. Your final product will have accumulated multiple security issues and the possibility of a breach. Building security into each phase of the development lifecycle helps you catch issues early, and it helps you reduce your development costs. We follow the phases of the Microsoft Security Development Lifecycle (SDL) to introduce activities and Azure services that you can use to fulfill secure software development practices in each phase of the lifecycle. The SDL phases are: Training Requirements Design Implementation Verification Release Response In these articles we group the SDL phases into design, develop, and deploy. Engage your organization’s security team Your