Windows Azure understands application security through the security framework

The 1th part describes the threat situation and recommends that your application use defense-in-depth. Part 2nd proposes security as a shared responsibility, Windows http://www.aliyun.com/zixun/aggregation/13357.html ">azure Provide your application with powerful security features that exceed the requirements of your internal deployment application. On the other hand, it exposes other vulnerabilities that you should consider.

This section explores how to examine your application's architecture. The model and practice team proposes to examine the application through the security framework so that you can identify the threat and your response before you start coding.

This section also describes how to apply the Microsoft Security Development Lifecycle (SDL) to your organization in a defined manner to address security issues at every stage of the application lifecycle.

Security framework

The security framework allows you to easily understand the security situation of your application.

This concept is described in detail in the Windows Azure security memo. This document is written by J.D Meier and Paul Enfield, chief project manager of the model and practice team. The document also collects comments from customers, field engineers, product teams, and industry experts, and provides solutions that ensure the security of common application scenarios on Windows Azure based on common principles, patterns, and practices.

That document outlines the threats, attacks, vulnerabilities, and countermeasures that you might encounter. It also details a set of scenarios that contain many common application types. The document provides a security framework that guides security considerations when designing and building Windows Azure applications.

The document begins with a common asp.net application, identifies a set of actions, and classifies them:

This approach helps you address the key security hotspots identified by the security framework to ensure the security of your solution.

For internal deployment applications, you need to address each of the major issues separately. The following illustration shows a very typical internal deployment application architecture, and then the corresponding hotspots are marked.

With the managed infrastructure, we can use less trouble because the managed infrastructure handles these issues. For example, Windows Azure applications do not have permissions to create user accounts or elevate permissions.