app-service-blueprint-security.md

• Secure your web app using various means of authentication and authorization
  • Setup Azure Active Directory authentication for your app
• Secure traffic to your app by enabling Transport Layer Security (TLS/SSL) - HTTPS
  • Force all incoming traffic over HTTPS connection
  • Enable Strict Transport Security (HSTS)
• Restrict access to your app by client's IP address
• Restrict access to your app by client's behavior - request frequency and concurrency
• Scan your web app code for vulnerabilities using Tinfoil Security Scanning
• Configure TLS mutual authentication to require client certificates to connect to your web app
• Configure a client certificate for use from your app to securely connect to external resources
• Remove standard server headers to avoid tools from fingerprinting your app
• Securely connect your app with resources in a private network using Point-To-Site VPN
• Securely connect your app with resources in a private network using Hybrid Connections
• Achieve security isolation for your apps using App Service Environments (ASE)
  • Configure a Web Application Firewall (WAF) in front of your ASE
  • Configure access control for inbound network traffic for your ASE
  • Securely connect to backend resources from your ASE