This is Part #8 of our series of articles about best security practices that you can apply to an Azure environment. Please note that all the articles have been compiled from various official Microsoft sources.
Use Web App Firewall on All Internet Facing Applications
What: Configure web application firewalls (WAFs) to protect all internet facing applications.
Why: Common security vulnerability types are often exploited by attackers targeting applications (either as an ingress point to the environment or as the ultimate objective).
WAFs are a critical mitigation for these attacks if you don’t have a mature security development lifecycle (SDL) to find/fix these vulnerabilities. WAFs also serve as an important safety measure even if you do have a mature SDL (much like a parachute in a plane).
How: Microsoft includes WAF capabilities in Azure Application Gateway, and many vendors offer these capabilities as standalone security appliances or as part of next generation firewalls.
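To check the "all internet facing applications" part of this practice, the added example below (not from the Microsoft sources) audits an Application Gateway inventory and reports every gateway with a public frontend that has no WAF or a WAF that only logs. It assumes the JSON has the shape of `az network application-gateway list -o json`; the sample data and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `az network application-gateway list -o json`.
# Field names are assumed to match that output; all resource names are made up.
SAMPLE = json.loads("""[
 {"name": "agw-shop", "sku": {"tier": "WAF_v2"},
  "frontendIPConfigurations": [{"publicIPAddress": {"id": "/constructed/pip-shop"}}],
  "firewallPolicy": {"id": "/constructed/waf-policy-shop"},
  "webApplicationFirewallConfiguration": null},
 {"name": "agw-blog", "sku": {"tier": "Standard_v2"},
  "frontendIPConfigurations": [{"publicIPAddress": {"id": "/constructed/pip-blog"}}],
  "firewallPolicy": null, "webApplicationFirewallConfiguration": null},
 {"name": "agw-api", "sku": {"tier": "WAF"},
  "frontendIPConfigurations": [{"publicIPAddress": {"id": "/constructed/pip-api"}}],
  "firewallPolicy": null,
  "webApplicationFirewallConfiguration": {"enabled": true, "firewallMode": "Detection"}},
 {"name": "agw-intranet", "sku": {"tier": "Standard_v2"},
  "frontendIPConfigurations": [{"privateIPAddress": "10.0.0.4", "publicIPAddress": null}],
  "firewallPolicy": null, "webApplicationFirewallConfiguration": null}
]""")

def is_internet_facing(gw):
    """A gateway is internet facing if any frontend has a public IP attached."""
    return any(fe.get("publicIPAddress") for fe in gw.get("frontendIPConfigurations") or [])

def waf_finding(gw):
    """Return None when a WAF is in place, otherwise a short finding string."""
    tier = (gw.get("sku") or {}).get("tier", "")
    if not tier.startswith("WAF"):
        return "no WAF: SKU tier is %r" % tier
    if gw.get("firewallPolicy"):
        return None  # mode lives on the WAF policy resource; audit that separately
    cfg = gw.get("webApplicationFirewallConfiguration") or {}
    if not cfg.get("enabled"):
        return "WAF SKU but WAF is not enabled"
    if cfg.get("firewallMode") != "Prevention":
        return "WAF in %s mode (logs only, does not block)" % cfg.get("firewallMode")
    return None

def audit(gateways):
    """Map gateway name -> finding for every internet facing gateway with a gap."""
    findings = {}
    for gw in gateways:
        finding = waf_finding(gw) if is_internet_facing(gw) else None
        if finding:
            findings[gw["name"]] = finding
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name}: {finding}")
```

Gateways that reference a WAF policy pass this check, so the policy's own mode and rule set still need to be reviewed on the policy resource.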