Infrastructure Security Validation Tools & Practices

Welcome to Designing for Quality and Security with Azure DevOps. This course covers topics to help you learn how to design a quality strategy in Azure DevOps. It shows you how to analyze an existing quality environment and how to identify and recommend quality metrics, as well as what feature flags are and how to manage the feature flag lifecycle.

The course then moves onto technical debt and how to manage it, how to choose a team structure that optimizes quality and how to handle performance testing. You'll look at some strategies for designing a secure development process and the steps you can take to inspect and validate both your codebase and infrastructure for compliance.

We'll wrap things up by covering strategies you can use to secure your development and coding environment, as well as recommended tools and practices that you can use to integrate infrastructure security validation.

If you have any questions, comments, or feedback relating to this course, feel free to contact us at

Learning Objectives

By the time you complete this course, you should have a good understanding of how to design for quality and security with Azure DevOps.

Intended Audience

This course is intended for:

  • IT professionals who are interested in earning the Microsoft Azure DevOps Solutions certification
  • DevOps professionals who work with Azure on a daily basis


To get the most from this course, you should have at least a basic understanding of DevOps concepts and of Microsoft Azure.


Hi there, welcome to infrastructure security validation tools and practices. When it comes to checking for vulnerabilities, you can't just validate your applications. You also need to validate your infrastructure, especially when you're leveraging public cloud resources like Azure. You need to ensure that anything you deploy in these types of public cloud environments is deployed securely.

A robust strategy for performing infrastructure security validation requires a full suite of tools and practices. Azure tools that you can use to prevent and report on vulnerabilities include things like Security Center and Azure policies. However, you should also set up a scanner as part of your network pipeline that checks public endpoints and ports and ensures that they've been added to an allow list or a whitelist. If the scanner finds an endpoint or port that hasn't been whitelisted, the scanner should raise an infrastructure issue or create a bug.

More specifically, after your scan is complete, your Azure Pipelines release should be updated with a report that shows the results of these scans. Bugs should then be created in the team's backlog so they can be addressed.

By building a scanner into your pipeline, vulnerabilities are recorded as bugs. These bugs provide actionable work which you can then track and measure.
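The allow-list check described above, as an added example that is not part of the course material: it compares scan results with an allow list, logs each unapproved endpoint as an Azure Pipelines error, and builds (but does not send) a Bug work item body for each one. The addresses, the allow-list format, the `infra-scan` tag and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed allow list: approved ports per network (documentation ranges).
ALLOW_LIST = [
    {"network": "203.0.113.10/32", "ports": "443"},
    {"network": "203.0.113.0/28", "ports": "8000-8010"},
]
# Constructed scan output: publicly reachable (address, port) pairs.
SCAN_RESULTS = [("203.0.113.10", 443), ("203.0.113.10", 3389),
                ("203.0.113.5", 8005), ("198.51.100.7", 22)]


def port_allowed(spec, port):
    """True if port matches a spec such as '443', '8000-8010' or '80,443'."""
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def find_violations(scan_results, allow_list):
    """Return the open (address, port) pairs that no allow-list entry covers."""
    violations = []
    for address, port in scan_results:
        ip = ipaddress.ip_address(address)
        if not any(ip in ipaddress.ip_network(e["network"])
                   and port_allowed(e["ports"], port) for e in allow_list):
            violations.append((address, port))
    return violations


def bug_payload(address, port):
    """JSON Patch body for a Bug work item; built here, never sent."""
    title = f"Unapproved public endpoint {address}:{port}"
    return [{"op": "add", "path": "/fields/System.Title", "value": title},
            {"op": "add", "path": "/fields/System.Tags", "value": "infra-scan"}]


def run(scan_results=SCAN_RESULTS, allow_list=ALLOW_LIST):
    """Log a pipeline error per violation; return (exit_code, bug payloads)."""
    violations = find_violations(scan_results, allow_list)
    for address, port in violations:
        # Azure Pipelines logging command: shows the finding as a build error.
        print(f"##vso[task.logissue type=error]Unapproved endpoint {address}:{port}")
    return (1 if violations else 0), [bug_payload(a, p) for a, p in violations]


if __name__ == "__main__":
    raise SystemExit(run()[0])
```

A non-zero exit code fails the pipeline step, so an unapproved endpoint blocks the release until it is either closed or added to the allow list through review.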

Now, even if you build in continuous security validation in this manner and you're running scans and checks against every change to ensure known vulnerabilities aren't being introduced, newer vulnerabilities are always being discovered because the bad guys are always changing their strategies. This is where monitoring can help. A solid monitoring tool helps you detect, prevent, and remediate issues that are discovered while your application is running in production. Microsoft Azure offers several tools that provide detection, prevention, and alerting based on rules like the OWASP Top Ten.

The best way to effectively minimize security vulnerabilities is to take a holistic and layered approach to security. This means that you need to secure the infrastructure and the application architecture. You also need to perform continuous validation and monitoring.

Following DevSecOps practices and standards allows your team to incorporate all the necessary security capabilities into the entire lifecycle of your organization's applications. Performing continuous security validation by incorporating these practices and standards into your CI/CD pipeline allows you to ensure that your applications remain secure.




About the Author

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.