The project’s software and applications are secured using a combination of secure development practices, Azure-managed security controls, and continuous monitoring.
- Secure application architecture
  - Applications are hosted on Azure App Service and Azure SQL Database, benefiting from Microsoft-managed patching and hardening
  - All application traffic is encrypted in transit using HTTPS/TLS 1.2 or higher
  - Data at rest is encrypted using Azure-managed encryption
- Identity and access management
  - Access is controlled using Azure Entra ID with role-based access control (RBAC)
  - Multi-factor authentication (MFA) is enforced for administrative access
  - Principle of least privilege is applied across users, services, and applications
- Application-level security controls
  - Input validation and server-side authorization are enforced to prevent common vulnerabilities (e.g. injection, broken access control)
  - Secrets and connection strings are stored securely (e.g. managed identities and secure configuration) rather than embedded in code
  - Authentication tokens and sensitive data are never logged or exposed in client-side code
  - 2FA is enforced
  - Session expiry
- Threat detection and monitoring
  - Continuous security monitoring and vulnerability assessment via Microsoft Defender for Cloud
  - Centralised logging and alerting through Azure Monitor and Application Insights
  - Automated alerts for suspicious activity, failed authentication attempts, and configuration drift
- Secure development and maintenance
  - Code changes are peer-reviewed and deployed via controlled CI/CD pipelines
  - Dependencies and frameworks are kept up to date to address known vulnerabilities
  - Regular security reviews and configuration audits are performed as part of ongoing maintenance