Best practice
Ensure that Application Gateway enables WAF
Ensure that HTTP Version is the latest if used to run the web app
Ensure that PostgreSQL server enables geo-redundant backups
Ensure that Send Alerts To is enabled for MSSQL servers
Ensure that app services use Azure Files
Ensures that Active Directory is used for authentication for Service Fabric
Ensure that Azure Defender is set to On for SQL servers on machines
Ensure that standard pricing tier is selected
Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets
Ensure that Network Interfaces disable IP forwarding
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Ensure server parameter connection_throttling is set to ON for PostgreSQL Database Server
Ensure that Security contact Phone number is set
Ensure that Azure Defender is set to On for Servers
Ensure that Net Framework version is the latest, if used as a part of the web app
Ensure server parameter log_connections is set to ON for PostgreSQL Database Server
Ensure that Python version is the latest, if used to run the web app
Ensure that HTTP Version is the latest if used to run the Function app
Ensure that Threat Detection types is set to All
Ensure that AKS uses Azure Policies Add-on
Ensure that Azure Defender is set to On for App Service
Ensure that Send email notification for high severity alerts is set to On
Ensure that Send email notification for high severity alerts is set to On
Ensure that MariaDB server enables geo-redundant backups
Ensure that key vault secrets have “content_type” set
Ensure that key vault allows firewall rules settings
Ensure that MySQL server enables Threat detection policy
Ensure that Security contact emails is set
Ensure the key vault is recoverable https://docs.bridgecrew.io/docs/ensure-the-key-vault-is-recoverable
Ensure server parameter log_checkpoints is set to ON for PostgreSQL Database Server
Ensure that PHP version is the latest, if used to run the web app
Ensure Enforce SSL connection is set to Enabled for MariaDB servers
Ensure that Azure Front Door enables WAF
Ensure that the expiration date is set on all secrets
Ensure audit profile captures all the activities
Ensure that Activity Log Retention is set 365 days or greater
Ensure that Email service and co-administrators is Enabled for MSSQL servers
Ensure that Azure Defender is set to On for Key Vault
Ensure that PostgreSQL Flexible server enables geo-redundant backups
Ensure that PostgreSQL server enables Threat detection policy
Ensure that Java version is the latest, if used to run the web app
Ensure that key vault enables purge protection
Ensure that HTTP Version is the latest if used to run the Function app
Ensure that storage account enables secure transfer
Ensure Enforce SSL connection is set to Enabled for MySQL servers
Ensure FTP deployments are disabled
Ensure that Azure Defender is set to On for Storage
Ensure that MySQL server enables geo-redundant backups
Ensure that Azure Synapse workspaces enables managed virtual networks
Ensure that Azure Defender is set to On for SQL servers
Ensure that Azure Defender is set to On for Container
Ensure that Azure Defender is set to On for Kubernetes
Ensure that Azure Front Door uses WAF and configured in “Detection” or “Prevention” modes
Ensure Enforce SSL connection is set to Enabled for PostgreSQL servers
Ensure that key vault enables soft delete
Ensure that Application Gateway uses WAF in “Detection” or “Prevention” modes