Links: Azure - security\develop

Author: DCtheGeek

articles/security/develop/index.yml

@@ -50,6 +50,6 @@ landingContent:
       - linkListType: learn
         links:
           - text: Top 5 security items
-            url: https://docs.microsoft.com/learn/modules/top-5-security-items-to-consider
+            url: /learn/modules/top-5-security-items-to-consider
           - text: Secure your cloud applications in Azure
-            url: https://docs.microsoft.com/learn/paths/secure-your-cloud-apps
+            url: /learn/paths/secure-your-cloud-apps

articles/security/develop/secure-deploy.md

@@ -18,7 +18,7 @@ ms.workload: na
 
 # Deploy secure applications on Azure
 In this article we present security activities and controls to consider when you deploy applications for the cloud. Security questions and concepts to consider during the release and response phases of the Microsoft [Security Development Lifecycle
-(SDL)](https://msdn.microsoft.com/library/windows/desktop/84aed186-1d75-4366-8e61-8d258746bopq.aspx) are covered. The goal is to help you define activities and Azure services that you can use to deploy a more secure application.
+(SDL)](/previous-versions/windows/desktop/cc307891(v=msdn.10)) are covered. The goal is to help you define activities and Azure services that you can use to deploy a more secure application.
 
 The following SDL phases are covered in this article:
 
@@ -54,7 +54,7 @@ a known vulnerability at a central location versus securing each
 individual web application.
 
 The [Azure Application Gateway
-WAF](../../application-gateway/waf-overview.md)
+WAF](../../web-application-firewall/ag/ag-overview.md)
 provides centralized protection of your web applications from common
 exploits and vulnerabilities. The WAF is based on rules from the [OWASP
 core rule
@@ -118,7 +118,7 @@ designed to help you continuously improve performance and usability.
 #### Azure Security Center
 
 [Azure Security
-Center](../../security-center/security-center-intro.md)
+Center](../../security-center/security-center-introduction.md)
 helps you prevent, detect, and respond to threats with increased
 visibility into (and control over) the security of your Azure resources,
 including web applications. Azure Security Center helps detect threats
@@ -127,7 +127,7 @@ solutions.
 
 Security Center’s Free tier offers limited security for your Azure
 resources only. The [Security Center Standard
-tier](../../security-center/security-center-onboarding.md)
+tier](../../security-center/security-center-get-started.md)
 extends these capabilities to on-premises resources and other clouds.
 Security Center Standard helps you:
 
@@ -140,4 +140,4 @@ Security Center Standard helps you:
 In the following articles, we recommend security controls and activities that can help you design and develop secure applications.
 
 - [Design secure applications](secure-design.md)
-- [Develop secure applications](secure-develop.md)
+- [Develop secure applications](secure-develop.md)

articles/security/develop/secure-design.md

@@ -18,7 +18,7 @@ ms.workload: na
 
 # Design secure applications on Azure
 In this article we present security activities and controls to consider when you design applications for the cloud. Training resources along with security questions and concepts to consider during the requirements and design phases of the Microsoft [Security Development Lifecycle
-(SDL)](https://msdn.microsoft.com/library/windows/desktop/84aed186-1d75-4366-8e61-8d258746bopq.aspx) are covered. The goal is to help you define activities and Azure services that you can use to design a more secure application.
+(SDL)](/previous-versions/windows/desktop/cc307891(v=msdn.10)) are covered. The goal is to help you define activities and Azure services that you can use to design a more secure application.
 
 The following SDL phases are covered in this article:
 
@@ -50,22 +50,22 @@ with security best practices on Azure:
     started using the Azure platform for their development needs.
 
   - [SDKs and
-    tools](https://docs.microsoft.com/azure/index?pivot=sdkstools)
+    tools](../../index.yml?pivot=sdkstools)
     describes the tools that are available on Azure.
 
   - [Azure DevOps
-    Services](https://docs.microsoft.com/azure/devops/)
+    Services](/azure/devops/)
     provides development collaboration tools. The tools include
     high-performance pipelines, free Git repositories, configurable
     Kanban boards, and extensive automated and cloud-based load testing.
     The [DevOps Resource
-    Center](https://docs.microsoft.com/azure/devops/learn/) combines our
+    Center](/azure/devops/learn/) combines our
     resources for learning DevOps practices, Git version control, agile
     methods, how we work with DevOps at Microsoft, and how you can
     assess your own DevOps progression.
 
   - [Top 5 security items to consider before pushing to
-    production](https://docs.microsoft.com/learn/modules/top-5-security-items-to-consider/index?WT.mc_id=Learn-Blog-tajanca)
+    production](/learn/modules/top-5-security-items-to-consider/index?WT.mc_id=Learn-Blog-tajanca)
     shows you how to help secure your web applications on Azure and
     protect your apps against the most common and dangerous web
     application attacks.
@@ -108,7 +108,7 @@ Ask security questions like:
   - Does my application contain sensitive data?
 
   - Does my application collect or store data that requires me to adhere
-    to industry standards and compliance programs like the [Federal Financial Institution Examination Council (FFIEC)](../blueprints/ffiec-analytics-overview.md) or the [Payment Card Industry Data Security Standards (PCI DSS)](../blueprints/pcidss-analytics-overview.md)?
+    to industry standards and compliance programs like the [Federal Financial Institution Examination Council (FFIEC)](/previous-versions/azure/security/blueprints/ffiec-analytics-overview) or the [Payment Card Industry Data Security Standards (PCI DSS)](/previous-versions/azure/security/blueprints/pcidss-analytics-overview)?
 
   - Does my application collect or contain sensitive personal or
     customer data that can be used, either on its own or with other
@@ -160,7 +160,7 @@ Awareness of these security risks can help you make requirement and
 design decisions that minimize these risks in your application.
 
 Thinking about security controls to prevent breaches is important.
-However, you also want to [assume a breach](https://docs.microsoft.com/azure/devops/learn/devops-at-microsoft/security-in-devops)
+However, you also want to [assume a breach](/azure/devops/learn/devops-at-microsoft/security-in-devops)
 will occur. Assuming a breach helps answer some important questions
 about security in advance, so they don't have to be answered in an
 emergency:
@@ -227,10 +227,10 @@ environments (IDEs) and editors that have advanced debugging
 capabilities and built-in Azure support.
 
 Microsoft offers a variety of [languages, frameworks, and
-tools](https://docs.microsoft.com/azure/index?pivot=sdkstools&panel=sdkstools-all)
+tools](../../index.yml?panel=sdkstools-all&pivot=sdkstools)
 that you can use to develop applications on Azure. An example is [Azure
 for .NET and .NET Core
-developers](https://docs.microsoft.com/dotnet/azure/). For each language
+developers](/dotnet/azure/). For each language
 and framework that we offer, you’ll find quickstarts, tutorials, and API
 references to help you get started fast.
 
@@ -303,9 +303,9 @@ situation.
 
 | Threat | Security property | Potential Azure platform mitigation |
 | ---------------------- | --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| Spoofing               | Authentication        | [Require HTTPS connections](https://docs.microsoft.com/aspnet/core/security/enforcing-ssl?view=aspnetcore-2.1&tabs=visual-studio). |
-| Tampering              | Integrity             | Validate SSL/TLS certificates. Applications that use SSL/TLS must fully verify the X.509 certificates of the entities they connect to. Use Azure Key Vault certificates to [manage your x509 certificates](../../key-vault/about-keys-secrets-and-certificates.md#key-vault-certificates). |
-| Repudiation            | Non-repudiation       | Enable Azure [monitoring and diagnostics](https://docs.microsoft.com/azure/architecture/best-practices/monitoring).|
+| Spoofing               | Authentication        | [Require HTTPS connections](/aspnet/core/security/enforcing-ssl?tabs=visual-studio&view=aspnetcore-2.1). |
+| Tampering              | Integrity             | Validate SSL/TLS certificates. Applications that use SSL/TLS must fully verify the X.509 certificates of the entities they connect to. Use Azure Key Vault certificates to [manage your x509 certificates](../../key-vault/general/about-keys-secrets-certificates.md#key-vault-certificates). |
+| Repudiation            | Non-repudiation       | Enable Azure [monitoring and diagnostics](/azure/architecture/best-practices/monitoring).|
 | Information Disclosure | Confidentiality       | Encrypt sensitive data [at rest](../fundamentals/encryption-atrest.md) and [in transit](../fundamentals/data-encryption-best-practices.md#protect-data-in-transit). |
 | Denial of Service      | Availability          | Monitor performance metrics for potential denial of service conditions. Implement connection filters. [Azure DDoS protection](../../virtual-network/ddos-protection-overview.md#next-steps), combined with application design best practices, provides defense against DDoS attacks.|
 | Elevation of Privilege | Authorization         | Use Azure Active Directory <span class="underline"> </span> [Privileged Identity Management](../../active-directory/privileged-identity-management/pim-configure.md).|
@@ -398,7 +398,7 @@ AD)](../../active-directory/fundamentals/active-directory-whatis.md)
 is the Azure solution for identity and access management. These Azure AD
 tools and services help with secure development:
 
-- [Microsoft identity platform](/azure/active-directory/develop/)
+- [Microsoft identity platform](../../active-directory/develop/index.yml)
 is a set of components that developers use to build apps that
 securely sign in users. The platform assists developers who are building
 single-tenant, line-of-business (LOB) apps and developers who are
@@ -433,7 +433,7 @@ is required for each role, you limit the risk of a security issue
 occurring.
 
 Ensure that your application enforces [least
-privilege](https://docs.microsoft.com/windows-server/identity/ad-ds/plan/security-best-practices/implementing-least-privilege-administrative-models#in-applications)
+privilege](/windows-server/identity/ad-ds/plan/security-best-practices/implementing-least-privilege-administrative-models#in-applications)
 throughout its access patterns.
 
 > [!NOTE]
@@ -452,7 +452,7 @@ to:
 ### Require re-authentication for important transactions
 
 [Cross-site request
-forgery](https://docs.microsoft.com/aspnet/core/security/anti-request-forgery?view=aspnetcore-2.1)
+forgery](/aspnet/core/security/anti-request-forgery?view=aspnetcore-2.1)
 (also known as *XSRF* or *CSRF*) is an attack against web-hosted apps in
 which a malicious web app influences the interaction between a client
 browser and a web app that trusts that browser. Cross-site request
@@ -556,12 +556,12 @@ identities for Azure resources, your Azure web app can access secret
 configuration values easily and securely without storing any secrets in
 your source control or configuration. To learn more, see [Manage secrets
 in your server apps with Azure Key
-Vault](https://docs.microsoft.com/learn/modules/manage-secrets-with-azure-key-vault/).
+Vault](/learn/modules/manage-secrets-with-azure-key-vault/).
 
 ### Implement fail-safe measures
 
 Your application must be able to handle
-[errors](https://docs.microsoft.com/dotnet/standard/exceptions/) that
+[errors](/dotnet/standard/exceptions/) that
 occur during execution in a consistent manner. The application should
 catch all errors and either fail safe or closed.
 
@@ -576,7 +576,7 @@ further attack systems and maintain persistence.
 ### Take advantage of error and exception handling
 
 Implementing correct error and [exception
-handling](https://docs.microsoft.com/dotnet/standard/exceptions/best-practices-for-exceptions)
+handling](/dotnet/standard/exceptions/best-practices-for-exceptions)
 is an important part of defensive coding. Error and exception handling
 are critical to making a system reliable and secure. Mistakes in error
 handling can lead to different kinds of security vulnerabilities, such
@@ -587,7 +587,7 @@ Ensure that:
 
 - You handle exceptions in a centralized manner to avoid duplicated
 [try/catch
-blocks](https://docs.microsoft.com/dotnet/standard/exceptions/how-to-use-the-try-catch-block-to-catch-exceptions)
+blocks](/dotnet/standard/exceptions/how-to-use-the-try-catch-block-to-catch-exceptions)
 in the code.
 
 - All unexpected behaviors are handled inside the application.
@@ -607,7 +607,7 @@ organizations.
 
 ### Use logging and alerting
 
-[Log](https://docs.microsoft.com/aspnet/core/fundamentals/logging/?view=aspnetcore-2.1)
+[Log](/aspnet/core/fundamentals/logging/?view=aspnetcore-2.1)
 your security issues for security investigations and trigger alerts
 about issues to ensure that people know about problems in a timely
 manner. Enable auditing and logging on all components. Audit logs should
@@ -633,4 +633,4 @@ you to gather operations data, like who is accessing the application.
 In the following articles, we recommend security controls and activities that can help you develop and deploy secure applications.
 
 - [Develop secure applications](secure-develop.md)
-- [Deploy secure applications](secure-deploy.md)
+- [Deploy secure applications](secure-deploy.md)

articles/security/develop/secure-dev-overview.md

@@ -54,7 +54,7 @@ the development lifecycle helps you catch issues early, and it helps you
 reduce your development costs.
 
 We follow the phases of the Microsoft [Security Development Lifecycle
-(SDL)](https://msdn.microsoft.com/library/windows/desktop/84aed186-1d75-4366-8e61-8d258746bopq.aspx)
+(SDL)](/previous-versions/windows/desktop/cc307891(v=msdn.10))
 to introduce activities and Azure services that you can use to fulfill
 secure software development practices in each phase of the lifecycle.
 
@@ -90,7 +90,7 @@ Use the following resources to learn more about developing secure
 applications and to help secure your applications on Azure:
 
 [Microsoft Security Development Lifecycle
-(SDL)](https://msdn.microsoft.com/library/windows/desktop/84aed186-1d75-4366-8e61-8d258746bopq.aspx)
+(SDL)](/previous-versions/windows/desktop/cc307891(v=msdn.10))
 – The SDL is a software development process from Microsoft that helps
 developers build more secure software. It helps you address security
 compliance requirements while reducing development costs.
@@ -135,4 +135,4 @@ In the following articles, we recommend security controls and activities that ca
 
 - [Design secure applications](secure-design.md)
 - [Develop secure applications](secure-develop.md)
-- [Deploy secure applications](secure-deploy.md)
+- [Deploy secure applications](secure-deploy.md)

articles/security/develop/secure-develop.md

@@ -18,7 +18,7 @@ ms.workload: na
 
 # Develop secure applications on Azure
 In this article we present security activities and controls to consider when you develop applications for the cloud. Security questions and concepts to consider during the implementation and verification phases of the Microsoft [Security Development Lifecycle
-(SDL)](https://msdn.microsoft.com/library/windows/desktop/84aed186-1d75-4366-8e61-8d258746bopq.aspx) are covered. The goal is to help you define activities and Azure services that you can use to develop a more secure application.
+(SDL)](/previous-versions/windows/desktop/cc307891(v=msdn.10)) are covered. The goal is to help you define activities and Azure services that you can use to develop a more secure application.
 
 The following SDL phases are covered in this article:
 
@@ -34,7 +34,7 @@ misuse of your application.
 
 ### Perform code reviews
 
-Before you check in code, conduct [code reviews](https://docs.microsoft.com/azure/devops/learn/devops-at-microsoft/code-reviews-not-primarily-finding-bugs) to increase overall code quality and reduce the risk of creating bugs. You can use [Visual Studio](https://docs.microsoft.com/azure/devops/repos/tfvc/get-code-reviewed-vs?view=vsts) to manage the code review process.
+Before you check in code, conduct [code reviews](/azure/devops/learn/devops-at-microsoft/code-reviews-not-primarily-finding-bugs) to increase overall code quality and reduce the risk of creating bugs. You can use [Visual Studio](/azure/devops/repos/tfvc/get-code-reviewed-vs?view=vsts) to manage the code review process.
 
 ### Perform static code analysis
 
@@ -149,8 +149,8 @@ Antimalware protection helps identify and remove viruses, spyware, and
 other malicious software. You can install [Microsoft Antimalware](../fundamentals/antimalware.md)
 or a Microsoft partner's endpoint protection solution ([Trend Micro](https://www.trendmicro.com/azure/),
 [Broadcom](https://www.broadcom.com/products),
-[McAfee](https://www.mcafee.com/us/products.aspx), [Windows Defender](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10),
-and [Endpoint Protection](https://docs.microsoft.com/configmgr/protect/deploy-use/endpoint-protection)).
+[McAfee](https://www.mcafee.com/us/products.aspx), [Windows Defender](/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10),
+and [Endpoint Protection](/configmgr/protect/deploy-use/endpoint-protection)).
 
 [Microsoft Antimalware](../fundamentals/antimalware.md)
 includes features like real-time protection, scheduled scanning, malware
@@ -257,4 +257,4 @@ of AzSK, which makes SVTs available as a Visual Studio extension.
 In the following articles, we recommend security controls and activities that can help you design and deploy secure applications.
 
 - [Design secure applications](secure-design.md)
-- [Deploy secure applications](secure-deploy.md)
+- [Deploy secure applications](secure-deploy.md)