CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
  • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
      • Terraform
        • Aws
        • Azure
          • Best practice
          • Security
          • Security
        • Gcp
        • Lang
      • Typescript
      • Yaml
    Azure

    Best practice

    Ensure that Application Gateway enables WAF

    Ensure that HTTP Version is the latest if used to run the web app

    Ensure that PostgreSQL server enables geo-redundant backups

    Ensure that Send Alerts To is enabled for MSSQL servers

    Ensure that app services use Azure Files

    Ensures that Active Directory is used for authentication for Service Fabric

    Ensure that Azure Defender is set to On for SQL servers on machines

    Ensure that standard pricing tier is selected

    Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets

    Ensure that Network Interfaces disable IP forwarding
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure server parameter connection_throttling is set to ON for PostgreSQL Database Server

    Ensure that Security contact Phone number is set

    Ensure that Azure Defender is set to On for Servers

    Ensure that Net Framework version is the latest, if used as a part of the web app

    Ensure server parameter log_connections is set to ON for PostgreSQL Database Server

    Ensure that Python version is the latest, if used to run the web app

    Ensure that HTTP Version is the latest if used to run the Function app

    Ensure that Threat Detection types is set to All

    Ensure that AKS uses Azure Policies Add-on

    Ensure that Azure Defender is set to On for App Service

    Ensure that Send email notification for high severity alerts is set to On

    Ensure that Send email notification for high severity alerts is set to On

    Ensure that MariaDB server enables geo-redundant backups

    Ensure that key vault secrets have “content_type” set

    Ensure that key vault allows firewall rules settings

    Ensure that MySQL server enables Threat detection policy

    Ensure that Security contact emails is set

    Ensure the key vault is recoverable https://docs.bridgecrew.io/docs/ensure-the-key-vault-is-recoverable

    Ensure server parameter log_checkpoints is set to ON for PostgreSQL Database Server

    Ensure that PHP version is the latest, if used to run the web app

    Ensure Enforce SSL connection is set to Enabled for MariaDB servers

    Ensure that Azure Front Door enables WAF

    Ensure that the expiration date is set on all secrets

    Ensure audit profile captures all the activities

    Ensure that Activity Log Retention is set 365 days or greater

    Ensure that Email service and co-administrators is Enabled for MSSQL servers

    Ensure that Azure Defender is set to On for Key Vault

    Ensure that PostgreSQL Flexible server enables geo-redundant backups

    Ensure that PostgreSQL server enables Threat detection policy

    Ensure that Java version is the latest, if used to run the web app

    Ensure that key vault enables purge protection

    Ensure that HTTP Version is the latest if used to run the Function app

    Ensure that storage account enables secure transfer

    Ensure Enforce SSL connection is set to Enabled for MySQL servers

    Ensure FTP deployments are disabled

    Ensure that Azure Defender is set to On for Storage

    Ensure that MySQL server enables geo-redundant backups

    Ensure that Azure Synapse workspaces enables managed virtual networks

    Ensure that Azure Defender is set to On for SQL servers

    Ensure that Azure Defender is set to On for Container

    Ensure that Azure Defender is set to On for Kubernetes

    Ensure that Azure Front Door uses WAF and configured in “Detection” or “Prevention” modes

    Ensure Enforce SSL connection is set to Enabled for PostgreSQL servers

    Ensure that key vault enables soft delete

    Ensure that Application Gateway uses WAF in “Detection” or “Prevention” modes

    SecuritySecurity
    twitterlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.