How to Secure your Azure Web App (PaaS)

Creating and hosting web applications on a public cloud is very common these days. Platform as a Service (PaaS) is a hot topic, and Web App is the most common and popular service among PaaS offerings. It is popular with developers, individual programmers and small organizations because you are not managing any server or software but simply focusing on building your code. For an enterprise, however, it is a big challenge: because the platform is managed by the vendor, there are not many options for putting controls and security around it.
Let's discuss how to use these Web App services while keeping control:

1. Attaching a VNet with your web app
It is now possible to attach a single web app or App Service plan to a specific VNet. This lets you put subnet-level NSGs (Network Security Groups) around the web app and control inbound and outbound traffic using NSG rules.

2. Using Azure Web Application Firewall
If you are allowing the public internet to access your web app, make sure traffic reaches the WAF first and only then hits the web app. Introducing a WAF gives you protection against the OWASP rule set out of the box. This includes defending against the most infamous attacks: SQL injection, cross-site scripting (XSS), request forgery, etc.

3. Application level Security
Using an enterprise-grade authentication and authorization framework helps a lot in securing your application. You can use Azure Active Directory (AAD) or any other enterprise-grade identity solution such as Okta to implement MFA (multi-factor authentication) and secure your app.

4. Using Application Service Environment (ASE)
If you really want more control, restrict public access and have your web application accessible from the intranet only, you can set up an ASE. It is a somewhat costly option because it uses the Premium tier only, but it is a more secure one. It lets you implement the same grade of security as you have in your on-premises solutions.
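Points 1 to 3 above can be scripted with the Azure CLI. The following is an added example, not code from the original article: it creates an NSG with an explicit allow-list and a final deny rule for the VNet integration subnet, attaches the web app to that subnet, locks inbound access to the WAF subnet, turns on OWASP rules on an Application Gateway WAF, and enables AAD login on the app. All resource names, the WAF CIDR and the AAD ids are constructed placeholders, and the script runs in dry-run mode (DRY_RUN=1) by default, printing the commands instead of executing them. Two caveats are built in: inbound traffic to a multi-tenant Web App does not pass through the integration subnet, so the NSG governs the app's outbound traffic and inbound is restricted with App Service access restrictions; and MFA itself is enforced by an AAD Conditional Access policy, the CLI here only makes AAD the login provider.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): Azure CLI commands for
# points 1-3. Every name below is an assumed placeholder; DRY_RUN=1 prints
# the commands, DRY_RUN=0 executes them against the logged-in subscription.
set -euo pipefail

RG="${RG:-example-rg}"                          # assumed resource group
APP="${APP:-example-webapp}"                    # assumed Web App name
VNET="${VNET:-example-vnet}"                    # assumed VNet
SUBNET="${SUBNET:-webapp-integration}"          # assumed integration subnet
NSG="${NSG:-webapp-integration-nsg}"            # assumed NSG name
GATEWAY="${GATEWAY:-example-appgw}"             # assumed Application Gateway (WAF SKU)
WAF_SUBNET_CIDR="${WAF_SUBNET_CIDR:-10.0.1.0/24}"   # constructed: the WAF's subnet
AAD_CLIENT_ID="${AAD_CLIENT_ID:-00000000-0000-0000-0000-000000000000}"   # placeholder
AAD_TENANT_ID="${AAD_TENANT_ID:-00000000-0000-0000-0000-000000000000}"   # placeholder
DRY_RUN="${DRY_RUN:-1}"

# Print the command (shell-quoted, one per line) in dry-run mode, else execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%q ' "$@"; printf '\n'; else "$@"; fi
}

# NSG evaluation: the lowest priority number wins; 4096 is the last custom slot,
# so a Deny placed there is reached only when no Allow matched.
nsg_rule() {  # name priority direction access protocol source destination port
  run az network nsg rule create -g "$RG" --nsg-name "$NSG" --name "$1" \
    --priority "$2" --direction "$3" --access "$4" --protocol "$5" \
    --source-address-prefixes "$6" --destination-address-prefixes "$7" \
    --destination-port-ranges "$8"
}

# 1. VNet integration with an NSG on the integration subnet (outbound control),
#    plus access restrictions for inbound (inbound never enters the subnet).
plan_network() {
  run az network nsg create -g "$RG" --name "$NSG"
  nsg_rule allow-https-out  100 Outbound Allow Tcp VirtualNetwork Internet 443
  nsg_rule allow-sql-out    110 Outbound Allow Tcp VirtualNetwork VirtualNetwork 1433
  nsg_rule deny-all-out    4096 Outbound Deny  '*' '*' '*' '*'
  run az network vnet subnet update -g "$RG" --vnet-name "$VNET" --name "$SUBNET" \
    --network-security-group "$NSG"
  run az webapp vnet-integration add -g "$RG" -n "$APP" --vnet "$VNET" --subnet "$SUBNET"
  # Only the WAF may reach the app; any source not matched by an Allow rule is denied.
  run az webapp config access-restriction add -g "$RG" -n "$APP" \
    --rule-name allow-waf --action Allow --ip-address "$WAF_SUBNET_CIDR" --priority 100
}

# 2. OWASP core rule set in Prevention mode on the Application Gateway in front of the app.
plan_waf() {
  run az network application-gateway waf-config set -g "$RG" --gateway-name "$GATEWAY" \
    --enabled true --firewall-mode Prevention --rule-set-type OWASP --rule-set-version 3.2
}

# 3. Require AAD login for every request. MFA is then enforced by a Conditional
#    Access policy in the tenant; the app itself only delegates authentication.
plan_auth() {
  run az webapp auth update -g "$RG" -n "$APP" --enabled true \
    --action LoginWithAzureActiveDirectory --aad-client-id "$AAD_CLIENT_ID" \
    --aad-token-issuer-url "https://sts.windows.net/$AAD_TENANT_ID/"
}

plan_all() { plan_network; plan_waf; plan_auth; }

# Sanity check on the NSG plan before applying it: priorities must be unique and
# the catch-all Deny must carry the highest number, so every Allow is tried first.
check_nsg_plan() {
  local out prios deny_prio max_prio
  out="$(DRY_RUN=1; plan_network | grep 'nsg rule create')"
  prios="$(printf '%s\n' "$out" | sed -n 's/.*--priority \([0-9]*\).*/\1/p')"
  [ "$(printf '%s\n' "$prios" | sort -n | uniq -d | wc -l)" -eq 0 ] || return 1
  deny_prio="$(printf '%s\n' "$out" | grep -- '--access Deny' \
    | sed -n 's/.*--priority \([0-9]*\).*/\1/p' | sort -n | head -n1)"
  max_prio="$(printf '%s\n' "$prios" | sort -n | tail -n1)"
  [ "$deny_prio" = "$max_prio" ]
}

check_nsg_plan && echo "# NSG plan OK: unique priorities, Deny evaluated last"
plan_all
```

Run it once with the default DRY_RUN=1 to review the nine commands, then with DRY_RUN=0 after `az login`. The outbound allow-list assumes the app only needs HTTPS to the internet and SQL inside the VNet; extend it per application, but keep the 4096 Deny so new egress must be added deliberately.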

Hope you find this article a bit useful. Please do comment with your thoughts!
