Cybersecurity Architecture
Security is a first-class engineering concern — not an afterthought. How Zero Trust, identity management, OWASP patterns, and AI security integrate into my full-stack SDLC and cloud deployments.
Zero Trust Architecture
Never trust. Always verify. Zero Trust is the security model for the cloud era. In a traditional perimeter model, anything inside the network is trusted. Zero Trust assumes breach — every request must be authenticated, authorised, and continuously validated regardless of location.
For Azure-hosted workloads, this means Managed Identities for service-to-service communication, Conditional Access policies for user access, Entra ID (Azure AD) for identity, and Azure Private Endpoints to eliminate public exposure.
80% of breaches involve compromised credentials. Network perimeters are not enough when developers work from home, apps run in multiple clouds, and APIs are exposed to the internet. Identity IS the new perimeter.
Zero Trust Pillars
Authenticate every user and service with MFA, certificate-based auth, or Managed Identity. Use Entra ID Conditional Access — device compliance, location, risk signals.
Grant minimum permissions needed for the task. JIT (Just-In-Time) access for privileged roles. PIM (Privileged Identity Management) in Azure for time-bound elevation.
Design for containment. Segment networks. Log everything. Use Microsoft Sentinel or AWS GuardDuty for SIEM. Minimise blast radius when (not if) a breach occurs.
OWASP Top 10 — Developer's Cheat Sheet
These are the most critical web application security risks. Every developer must know and actively mitigate them in their code.
Broken Access Control
Users can act outside their intended permissions. Mitigate: enforce RBAC/ABAC on every API endpoint, deny by default, validate ownership before returning data.
Cryptographic Failures
Sensitive data exposed in transit or at rest. Mitigate: TLS 1.3 everywhere, AES-256 at rest, no MD5/SHA1, use Azure Key Vault for key management.
Injection
SQL, NoSQL, command, LDAP injection. Mitigate: parameterised queries, ORMs (EF Core), input validation, output encoding, never concatenate user input into queries.
Insecure Design
Missing threat modelling. Mitigate: threat model every feature, security by design, secure coding guidelines, abuse cases alongside use cases.
Security Misconfiguration
Default credentials, verbose error pages, open cloud storage. Mitigate: IaC with security defaults, Checkov/tfsec in CI, Azure Policy, disable unused features.
Vulnerable Components & More
XSS, SSRF, outdated dependencies, broken auth, logging failures. Mitigate: Snyk/Dependabot for SCA, CSP headers, structured logging, proper auth flows.
Identity & Access Management
Robust identity is the foundation of security. Modern IAM uses open standards to provide secure, federated, and auditable access control.
OAuth 2.0
Authorisation framework. Enables delegated access using access tokens. Use the Authorization Code flow with PKCE for SPA and mobile apps (React Native, MAUI). Never use the implicit flow.
OIDC
OpenID Connect adds identity on top of OAuth 2.0. ID tokens carry user claims. Used in Blazor, Next.js, and MAUI apps for federated authentication with Azure AD B2C or Entra ID.
RBAC vs ABAC
RBAC (Role-Based): simple, well-understood, great for most apps. ABAC (Attribute-Based): fine-grained policies on resource attributes — use for complex multi-tenant SaaS. .NET has built-in support for both.
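An added example (not from this page's projects) of the deny-by-default and ownership checks described under Broken Access Control, combined with the RBAC and ABAC layers described here. Role names, actions and the document fields are hypothetical.

```javascript
// RBAC: role -> permitted actions. A Map avoids prototype-key surprises
// when the role name comes from a token or a database row.
const ROLE_PERMISSIONS = new Map([
  ['reader', new Set(['document:read'])],
  ['editor', new Set(['document:read', 'document:update'])],
  ['admin', new Set(['document:read', 'document:update', 'document:delete'])],
]);

function roleAllows(user, action) {
  return Array.isArray(user.roles) &&
    user.roles.some((role) => ROLE_PERMISSIONS.get(role)?.has(action) === true);
}

// ABAC: rules over attributes of the caller and of this specific resource.
function attributesAllow(user, action, doc) {
  if (doc.tenantId !== user.tenantId) return false; // tenant isolation first
  if (action === 'document:read') return doc.ownerId === user.id || doc.shared === true;
  return doc.ownerId === user.id || user.roles.includes('admin'); // writes
}

// Deny by default: access is granted only when both layers say yes.
function authorize(user, action, doc) {
  if (!user || !doc) return { allowed: false, reason: 'missing subject or resource' };
  if (!roleAllows(user, action)) return { allowed: false, reason: 'role lacks permission' };
  if (!attributesAllow(user, action, doc)) return { allowed: false, reason: 'attribute check failed' };
  return { allowed: true, reason: 'role and attributes match' };
}

// Constructed sample data.
const alice = { id: 'u1', tenantId: 't1', roles: ['editor'] };
const bob = { id: 'u2', tenantId: 't1', roles: ['editor'] };
const carol = { id: 'u9', tenantId: 't2', roles: ['admin'] };
const report = { id: 'd1', tenantId: 't1', ownerId: 'u1', shared: false };

function demo() {
  return {
    ownerUpdates: authorize(alice, 'document:update', report).allowed,
    peerReads: authorize(bob, 'document:read', report).allowed,
    otherTenantAdmin: authorize(carol, 'document:delete', report).allowed,
    unknownAction: authorize(alice, 'document:export', report).allowed,
  };
}
```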
Azure AD B2C
Customer identity for external-facing apps. Supports social login (Google, Apple, Microsoft), MFA, custom policies, and user flows. Ideal for multi-tenant .NET + Blazor apps.
Securing AI Systems
AI introduces new attack surfaces that traditional security tools aren't designed for. As AI becomes embedded in applications and SDLC workflows, these threats need first-class attention.
Malicious user input that hijacks the model's instructions. Treat model outputs as untrusted user input — validate, sanitise, and never execute LLM-generated code without review in production.
Sensitive data inadvertently included in prompts sent to external LLMs. Policy: classify data before sending to AI APIs, use Ollama for sensitive workloads, redact PII before it is placed into a prompt.
Agentic AI tools (like Claude Code) with too many permissions can cause unintended side effects. Scope tool permissions carefully — read-only where possible, confirm before destructive operations.
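One way to apply the points above about untrusted model output and scoped tool permissions, as an added example that is not part of the original page: every tool call proposed by the model is parsed as untrusted input, checked against an allow-list, confined to a workspace, and held for confirmation when destructive. The tool names, workspace path and decision values are hypothetical.

```javascript
const { posix } = require('node:path');

const WORKSPACE = '/srv/agent-workspace'; // hypothetical sandbox root

// Registry of tools the agent may use; anything absent is denied.
const TOOLS = new Map([
  ['read_file', { effect: 'read' }],
  ['list_dir', { effect: 'read' }],
  ['delete_file', { effect: 'destructive' }],
]);

// Resolve the model-supplied path and require it to stay under WORKSPACE.
function insideWorkspace(p) {
  if (typeof p !== 'string' || p.length === 0 || p.includes('\0')) return false;
  const resolved = posix.resolve(WORKSPACE, p);
  return resolved === WORKSPACE || resolved.startsWith(WORKSPACE + '/');
}

// rawModelOutput is the untrusted string the model produced.
function gateToolCall(rawModelOutput, { confirmed = false } = {}) {
  let call;
  try {
    call = JSON.parse(rawModelOutput);
  } catch {
    return { decision: 'deny', reason: 'output is not valid JSON' };
  }
  if (!call || typeof call !== 'object') {
    return { decision: 'deny', reason: 'not a tool call' };
  }
  const tool = TOOLS.get(call.tool);
  if (!tool) return { decision: 'deny', reason: 'tool not on allow-list' };
  if (!insideWorkspace(call.args?.path)) {
    return { decision: 'deny', reason: 'path outside workspace' };
  }
  if (tool.effect === 'destructive' && !confirmed) {
    return { decision: 'needs_confirmation', reason: 'destructive operation' };
  }
  return { decision: 'allow', reason: `${tool.effect} operation inside workspace` };
}
```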
Managing Secrets at Scale
Secrets — API keys, passwords, certificates, connection strings — are the skeleton keys to your systems. A single leaked secret can compromise an entire platform. Never hardcode. Never commit. Always rotate.
Azure Key Vault
Store secrets, keys, and certificates. Link to Azure DevOps variable groups. Use Managed Identity for zero-credential access from Azure services. Enable soft-delete and purge protection.
AWS Secrets Manager
Automatic rotation for RDS and Redshift credentials. Fine-grained IAM policies per secret. CloudTrail audit log for all secret access. Cross-account access via resource policies.
HashiCorp Vault
Multi-cloud secrets engine. Dynamic secrets (generate short-lived credentials on demand). Excellent for Kubernetes workloads via Vault Agent Injector sidecar or CSI Secrets Store driver.
GitHub OIDC + Keyless Auth
Replace static cloud credentials in GitHub Actions with OIDC federation. GitHub Actions exchange a short-lived JWT for cloud credentials — no secrets stored in GitHub at all.
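The cloud-side half of this federation, as an added example (not the page's own code): the claim checks a trust policy should apply to a GitHub Actions OIDC token once its signature has been verified. The repository name and trust policy are hypothetical, and the tokens are constructed and unsigned.

```javascript
const GITHUB_ISSUER = 'https://token.actions.githubusercontent.com';

// Hypothetical trust policy: one audience, one repository, one branch.
const TRUST_POLICY = {
  audience: 'api://AzureADTokenExchange',
  subject: 'repo:example-org/payments-api:ref:refs/heads/main',
};

// Read the claims of a compact JWT. This does NOT verify the signature;
// verification against the issuer's JWKS is assumed to have happened first.
function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

function checkClaims(claims, policy, nowSeconds) {
  const failures = [];
  if (claims.iss !== GITHUB_ISSUER) failures.push('iss');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(policy.audience)) failures.push('aud');
  if (claims.sub !== policy.subject) failures.push('sub'); // exact match, no wildcard
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) failures.push('exp');
  return { trusted: failures.length === 0, failures };
}

// Build a constructed token with a placeholder signature, for the demo only.
function constructedToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.placeholder-signature`;
}

function demo(now = 1700000000) {
  const base = { iss: GITHUB_ISSUER, aud: TRUST_POLICY.audience, exp: now + 300 };
  const run = (extra) =>
    checkClaims(decodeClaims(constructedToken({ ...base, ...extra })), TRUST_POLICY, now);
  return {
    mainBranch: run({ sub: 'repo:example-org/payments-api:ref:refs/heads/main' }),
    pullRequest: run({ sub: 'repo:example-org/payments-api:pull_request' }),
    otherRepo: run({ sub: 'repo:example-org/other-repo:ref:refs/heads/main' }),
    expired: run({ sub: TRUST_POLICY.subject, exp: now - 1 }),
  };
}
```

Matching the full sub claim keeps pull-request runs and other repositories from obtaining the same cloud role as a push to main.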
Rotate all secrets on a schedule, not just after a breach. Use automated rotation with Azure Key Vault's built-in rotation policies. Set expiry dates on all secrets and certificates and alert 30/14/7 days before expiry.
Security Woven into the SDLC
Every phase of modern software development has a security touchpoint. These are non-negotiable practices in my projects.
Design & Plan
- Threat modelling (STRIDE) for each feature
- Security requirements in user stories ("acceptance criteria: data encrypted at rest")
- Architecture Decision Records (ADRs) for security choices
- Data classification — what's PII, what's sensitive
Code & Build
- IDE plugins: SonarLint, Snyk IDE extension
- Pre-commit hooks: Gitleaks for secrets
- Dependency scanning on every PR
- Signed commits and branch protection rules
Deploy & Operate
- Immutable infrastructure — never patch running containers
- Approval gates on production deployments
- Runtime security monitoring with Defender for Cloud
- Incident response runbooks in the same repo as code
Culture & Governance
- Security champion in every team
- Quarterly OWASP Top 10 training
- Blameless post-mortems for security incidents
- SIEM dashboard visible to the whole team, not just ops