AB#1023963: Top 5 security items to consider before pushing to production

Author: ShawnKupfer

learn-pr/advocates/top-5-security-items-to-consider/1-introduction.yml

@@ -5,8 +5,8 @@ metadata:
   title: Introduction
   description: Introduction
   author: patridge
-  ms.author: adpatrid
-  ms.date: 05/26/2023
+  ms.author: robmcm
+  ms.date: 03/14/2025
   ms.topic: unit
 durationInMinutes: 2
 content: |

learn-pr/advocates/top-5-security-items-to-consider/2-azure-security-center.yml

@@ -5,8 +5,8 @@ metadata:
   title: Microsoft Defender for Cloud
   description: Microsoft Defender for Cloud
   author: patridge
-  ms.author: adpatrid
-  ms.date: 05/26/2023
+  ms.author: robmcm
+  ms.date: 03/14/2025
   ms.topic: unit
 durationInMinutes: 15
 content: |

learn-pr/advocates/top-5-security-items-to-consider/3-inputs-and-outputs.yml

@@ -5,8 +5,8 @@ metadata:
   title: Inputs and Outputs
   description: Inputs and Outputs
   author: patridge
-  ms.author: adpatrid
-  ms.date: 05/26/2023
+  ms.author: robmcm
+  ms.date: 03/14/2025
   ms.topic: unit
 durationInMinutes: 10
 content: |
@@ -15,44 +15,44 @@ quiz:
   title: Check your knowledge
   questions:
 
-  - content: 'Which of the following data sources need to be validated?'
+  - content: "Which of the following data sources need to be validated?"
     choices:
-    - content: 'Data from a 3rd party API'
+    - content: "Data from a 3rd party API"
       isCorrect: false
-      explanation: 'This is just one of many sources that needs to be validated.'
-    - content: 'Data from the URL parameter'
+      explanation: "This is just one of many sources that needs to be validated."
+    - content: "Data from the URL parameter"
       isCorrect: false
-      explanation: 'This is just one of many sources that needs to be validated'
-    - content: 'Data collected from the user via an input field'
+      explanation: "This is just one of many sources that needs to be validated."
+    - content: "Data collected from the user via an input field"
       isCorrect: false
-      explanation: 'This is just one of many sources that needs to be validated.'
-    - content: 'All of the above'
+      explanation: "This is just one of many sources that needs to be validated."
+    - content: "All of the above"
       isCorrect: true
-      explanation: 'All these sources of data need to be validated. Never trust any data that could have been modified.'
+      explanation: "All these sources of data need to be validated. Never trust any data that could have been modified."
 
-  - content: 'Parameterized queries (stored procedures in SQL) are a secure way to talk to the database because:'
+  - content: "Parameterized queries (stored procedures in SQL) are a secure way to talk to the database because:"
     choices:
-    - content: 'They're more organized than inline database commands, and therefore less confusing for users.'
+    - content: "They're more organized than inline database commands, and therefore less confusing for users."
       isCorrect: false
-      explanation: 'Organization of the code is not the reason that parameterized queries are more secure than inline SQL.'
-    - content: 'There's a clear outline of the script in the stored procedure, ensuring better visibility.'
+      explanation: "Organization of the code is not the reason that parameterized queries are more secure than inline SQL."
+    - content: "There's a clear outline of the script in the stored procedure, ensuring better visibility."
       isCorrect: false
-      explanation: 'Clear outline of the script is not the reason that parameterized queries are more secure than inline SQL.'
-    - content: 'Parameterized queries substitute variables before running queries, meaning it avoids the opportunity for code to be submitted in place of a variable.'
+      explanation: "Clear outline of the script is not the reason that parameterized queries are more secure than inline SQL."
+    - content: "Parameterized queries substitute variables before running queries, meaning it avoids the opportunity for code to be submitted in place of a variable."
       isCorrect: true
-      explanation: 'Parameter fields used in parameterized queries are treated as data, not code, protecting against injection vulnerabilities. For more information on how to implement parameterized queries please see the [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html).'
+      explanation: "Parameter fields used in parameterized queries are treated as data, not code, protecting against injection vulnerabilities. For more information on how to implement parameterized queries please see the [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)."
 
-  - content: 'Which of the following data needs to be output encoded?'
+  - content: "Which of the following data needs to be output encoded?"
     choices:
-    - content: 'Data saved to the database'
+    - content: "Data saved to the database"
       isCorrect: false
-      explanation: 'Although data saved to the database needs to be validated to ensure the data is good, we don't need to encode it for output.'
-    - content: 'Data to be output to the screen'
+      explanation: "Although data saved to the database needs to be validated to ensure the data is good, we don't need to encode it for output."
+    - content: "Data to be output to the screen"
       isCorrect: true
-      explanation: 'Data sent to the screen needs to be output encoded to ensure it's never interpreted as code.'
-    - content: 'Data sent to a 3rd party API'
+      explanation: "Data sent to the screen needs to be output encoded to ensure it's never interpreted as code."
+    - content: "Data sent to a 3rd party API"
       isCorrect: false
-      explanation: 'Although data sent to a 3rd party API needs to be validated to ensure the data is good, we don't need to encode it for output.'
-    - content: 'Data in the URL parameters'
+      explanation: "Although data sent to a 3rd party API needs to be validated to ensure the data is good, we don't need to encode it for output."
+    - content: "Data in the URL parameters"
       isCorrect: false
-      explanation: 'Although data from URL Parameters needs to be validated before it's used in our application, we don't need to encode it for output.'
+      explanation: "Although data from URL Parameters needs to be validated before it's used in our application, we don't need to encode it for output."

learn-pr/advocates/top-5-security-items-to-consider/4-secrets-in-key-vault.yml

@@ -5,8 +5,8 @@ metadata:
   title: Secrets in Key Vault
   description: Secrets in Key Vault
   author: patridge
-  ms.author: adpatrid
-  ms.date: 05/26/2023
+  ms.author: robmcm
+  ms.date: 03/14/2025
   ms.topic: unit
 durationInMinutes: 5
 content: |

learn-pr/advocates/top-5-security-items-to-consider/5-framework-updates.yml

@@ -5,8 +5,8 @@ metadata:
   title: Framework Updates
   description: Framework Updates
   author: patridge
-  ms.author: adpatrid
-  ms.date: 05/26/2023
+  ms.author: robmcm
+  ms.date: 03/14/2025
   ms.topic: unit
 durationInMinutes: 7
 content: |

learn-pr/advocates/top-5-security-items-to-consider/6-safe-dependencies.yml

@@ -5,8 +5,8 @@ metadata:
   title: Safe Dependencies
   description: Safe Dependencies
   author: patridge
-  ms.author: adpatrid
-  ms.date: 05/26/2023
+  ms.author: robmcm
+  ms.date: 03/14/2025
   ms.topic: unit
 durationInMinutes: 5
 content: |

learn-pr/advocates/top-5-security-items-to-consider/7-conclusion.yml

@@ -5,8 +5,8 @@ metadata:
   title: Conclusion
   description: Conclusion
   author: patridge
-  ms.author: adpatrid
-  ms.date: 05/26/2023
+  ms.author: robmcm
+  ms.date: 03/14/2025
   ms.topic: unit
 durationInMinutes: 1
 content: |

learn-pr/advocates/top-5-security-items-to-consider/includes/2-azure-security-center.md

@@ -15,7 +15,7 @@ Defender for Cloud is part of the [Center for Internet Security](https://www.cis
 
 ## Activating Microsoft Defender for Cloud
 
-Microsoft Defender for Cloud provides unified security management and advanced threat protection for hybrid cloud workloads and is offered in several plans. The Foundational Cloud Security Posture Management (CSPM) plan, which is free and activated by default provides security policies, assessments, and recommendations. The Defender CSPM plan provides a robust set of features, including threat intelligence. There are also plans for Servers, App Service, and more.
+Microsoft Defender for Cloud provides unified security management and advanced threat protection for hybrid cloud workloads, and is offered in several plans. The Foundational Cloud Security Posture Management (CSPM) plan, which is free and activated by default provides security policies, assessments, and recommendations. The Defender CSPM plan provides a robust set of features, including threat intelligence. There are also plans for Servers, App Service, and more.
 
 Given the benefits of Defender for Cloud, the security team at your company has decided that it will be turned on for all subscriptions at your office. You got an email this morning to turn it on for your applications, so let's look at how to do that.
 

learn-pr/advocates/top-5-security-items-to-consider/index.yml

@@ -5,9 +5,10 @@ metadata:
   title: Top 5 security items to consider before pushing to production
   description: Learn about the Site Reliability Engineering approach to the challenge of assuring reliability and gain a better understanding of why it matters.
   author: patridge
-  ms.author: adpatrid
-  ms.date: 05/26/2023
+  ms.author: robmcm
+  ms.date: 03/14/2025
   ms.topic: module
+  ms.service: security
 title: Top 5 security items to consider before pushing to production
 summary: Secure your web applications on Azure and protect your apps against the most common and dangerous web application attacks.
 abstract: |