
🏔️ Welcome to the MCP Security Summit Workshop

A Sherpa's Guide to Securing Model Context Protocol Servers in Azure


About This Workshop

The summit awaits, but the climb itself teaches you everything you need to know.

The Model Context Protocol (MCP) opens exciting new routes for AI applications to connect with data sources and tools, but like any unexplored peak, the terrain requires preparation. Unsecured MCP servers expose dangerous attack surfaces: authentication bypasses, data leakage, and unauthorized access threaten systems that lack proper defenses.

This workshop is your guided expedition to securing MCP servers in Microsoft Azure. You'll experience real vulnerabilities firsthand (by exploiting intentionally insecure systems), then learn proven techniques to fortify your defenses using Azure's native security services. By the time you reach the summit, you'll have climbed from basic authentication to enterprise-grade defense-in-depth with working code you can deploy in production.

What Makes This Expedition Unique

Learn by Breaking Things - Experience vulnerabilities firsthand by exploiting intentionally insecure servers before learning to fix them

Azure-Native Security - Leverage Azure Entra ID, Key Vault, API Management, AI Foundry, and other platform services designed for production workloads

Defense-in-Depth Journey - Ascend through progressive camps, each building on the last to create comprehensive security layers

OWASP-Aligned - Every technique maps directly to the OWASP MCP Azure Security Guide, giving you industry-standard knowledge

Real Production Code - Walk away with working, tested implementations you can adapt for your own projects

Whether you're a developer building your first MCP server or a security professional hardening existing systems, this workshop provides practical, actionable knowledge through a proven "vulnerable → exploit → fix → validate" methodology.


The Expedition Route

Your journey follows a proven camp-to-camp progression. Each stage builds on the last, from reconnaissance at Base Camp to the final Red Team challenge at The Summit.


  • Base Camp
    Understanding the Mountain - Explore MCP fundamentals and witness authentication vulnerabilities in action
    OWASP Risks: MCP07, MCP01
    Begin the ascent

  • Camp 1: Identity
    Establishing Your Identity - Leverage OAuth 2.1, Azure Managed Identity, and Key Vault secrets management
    OWASP Risks: MCP07, MCP01, MCP02
    Secure your identity

  • Camp 2: MCP Gateway
    Scaling the Gateway Ridge - Deploy API Management, Private Endpoints, and API Center governance
    OWASP Risks: MCP09, MCP02, MCP07
    Build the gateway

  • Camp 3: I/O Security
    Navigating I/O Pass - Protect against prompt injection, PII leakage, and malicious content
    OWASP Risks: MCP06, MCP05, MCP03
    Secure your data

  • Camp 4: Monitoring
    Observation Peak - Implement Log Analytics, dashboards, and automated threat detection
    OWASP Risks: MCP08
    Watch the horizon

  • The Summit
    Full Integration Test - Red Team / Blue Team exercise validating all security layers
    All OWASP Risks Validated
    Reach the peak


What You'll Build

By the end of this expedition, you'll have climbed from vulnerable prototype to production-ready MCP architecture:

Production-Ready Authentication - OAuth 2.1 with PKCE, Azure Entra ID integration, and passwordless Managed Identity

Hardened Network Perimeter - Private endpoints, API Management gateway, and zero-trust networking

Content Security Controls - Input validation, Azure AI Content Safety integration, and PII detection

Operational Monitoring - Centralized logging, custom dashboards, and automated alerting

Compliance Documentation - OWASP risk mappings and audit trails for security reviews


Prerequisites

Before starting your expedition, ensure you have:

Azure subscription with Contributor access
VS Code with GitHub Copilot or MCP extension
Azure CLI installed and authenticated
Python 3.10+ installed
Basic familiarity with Azure Portal

No Security Expertise Required

This workshop is designed for developers of all skill levels. If you can write Python code and navigate the Azure Portal, you're ready to climb!

Workshop Format

Hands-on labs with live exploitation and remediation exercises
Each camp includes: vulnerable code → exploit → secure implementation → validation
Self-paced with optional instructor-led checkpoints


Getting Started

Ready to begin your expedition? Follow these three simple steps:

git clone https://github.com/Azure-Samples/sherpa.git
cd sherpa

# Install uv for fast dependency management
curl -LsSf https://astral.sh/uv/install.sh | sh

# Verify Python version
python --version  # Should be 3.10 or higher

# Verify Azure CLI is installed and authenticated
az --version
az account show

# Navigate to Base Camp to begin
cd camps/base-camp

# Follow the README for setup instructions
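The steps above are run by hand; the script below turns the same prerequisite checks (Python 3.10 or higher, uv on PATH, Azure CLI installed and logged in) into one pass/fail report. It is an added example written for this page, not a script from the sherpa repository, and the function names (`python_version_ok`, `tool_present`, `run_prerequisite_checks`) and the file name `check_prereqs.sh` are this example's own.

```shell
#!/bin/sh
# Added example (not part of Azure-Samples/sherpa): checks the workshop's
# stated prerequisites and reports PASS/FAIL for each. Function and file
# names are this example's own. Usage:  sh check_prereqs.sh run

# python_version_ok "3.12.1" (or "Python 3.12.1") -> 0 if major.minor >= 3.10
python_version_ok() {
    ver="${1#Python }"            # strip the "Python " prefix printed by --version
    major="${ver%%.*}"
    rest="${ver#*.}"
    minor="${rest%%.*}"
    # Reject anything that is not plain digits (empty output, garbage, etc.)
    case "$major$minor" in ''|*[!0-9]*) return 1 ;; esac
    if [ "$major" -gt 3 ]; then return 0; fi
    if [ "$major" -eq 3 ] && [ "$minor" -ge 10 ]; then return 0; fi
    return 1
}

# tool_present NAME -> 0 if NAME resolves on PATH
tool_present() {
    command -v "$1" >/dev/null 2>&1
}

# Run every check, print one line per item, return 1 if any check failed.
run_prerequisite_checks() {
    failed=0

    # Prefer python3; fall back to the bare "python" the README uses.
    py=python3
    tool_present "$py" || py=python
    if tool_present "$py" && python_version_ok "$("$py" --version 2>&1)"; then
        echo "PASS  Python 3.10+ ($("$py" --version 2>&1))"
    else
        echo "FAIL  Python 3.10+ not found on PATH"; failed=1
    fi

    if tool_present uv; then
        echo "PASS  uv installed"
    else
        echo "FAIL  uv not installed (see the install step above)"; failed=1
    fi

    if tool_present az; then
        # "az account show" exits non-zero when no account is logged in
        if az account show >/dev/null 2>&1; then
            echo "PASS  Azure CLI installed and authenticated"
        else
            echo "FAIL  Azure CLI installed but not logged in (run: az login)"; failed=1
        fi
    else
        echo "FAIL  Azure CLI (az) not installed"; failed=1
    fi

    return "$failed"
}

# Only run the checks when explicitly asked, so the file can also be sourced.
case "${1:-}" in
    run) run_prerequisite_checks ;;
esac
```

Run it from the repository root with `sh check_prereqs.sh run` before entering Base Camp; a non-zero exit code means at least one prerequisite is missing, and the FAIL lines say which.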

Reference Materials

Your Companion Guide

Throughout this workshop, we reference the comprehensive OWASP MCP Azure Security Guide for deeper technical explanations of each security risk and mitigation strategy.

OWASP MCP Azure Security Guide

Additional Resources:

MCP Specification 2025-11-25 - Official protocol documentation
MCP Security Best Practices - Community security guidance
FastMCP Framework - Python framework used in this workshop


Ready to Climb?

Head to Base Camp to begin your expedition!

Contributing

Want to improve this workshop? See our Contributing Guidelines


The mountain doesn't care about your excuses. Prepare well, climb smart, reach the summit. 🏔️