    Azure

    Security

    Ensure MSSQL is using the latest version of TLS encryption
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    Ensure Virtual Machine Extensions are not Installed
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure public network access enabled is set to False for MySQL servers
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that Azure Cosmos DB disables public network access
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure Storage Account is using the latest version of TLS encryption
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    Ensure that MySQL server enables infrastructure encryption
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    Ensure that PostgreSQL server enables infrastructure encryption
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    Ensure that Azure Batch account uses key vault to encrypt data
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    Ensure public network access enabled is set to False for MariaDB servers
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that the expiration date is set on all keys
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    Ensure Azure managed disk has encryption enabled
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    Ensure that Azure Cognitive Search disables public network access
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that Azure Data Explorer uses disk encryption
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    Ensure that function apps enable Authentication
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that Azure Cache for Redis disables public network access
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that Network Security Group Flow Log retention period is 90 days or greater

    Ensure that Public access level is set to Private for blob containers
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that Azure Container group is deployed into virtual network
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure public network access enabled is set to False for PostgreSQL servers
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure Cosmos DB accounts have restricted access
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that Virtual machine scale sets have encryption at host enabled
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    Ensure that Azure Data Factory uses Git repository for source control
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that Azure IoT Hub disables public network access
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    Ensure that Azure File Sync disables public network access
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that Activity Log Retention is set to 365 days or greater

    Ensure that Cosmos DB accounts have access key write capability disabled
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that only SSL is enabled for Cache for Redis
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-319: Cleartext Transmission of Sensitive Information
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    Ensure that Azure Data Explorer uses double encryption
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    Ensure that Cognitive Services accounts disable public network access
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that Automation account variables are encrypted
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    Ensure default network access rule for Storage Accounts is set to deny
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that CORS disallows all resources to access Function app
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-942: Permissive Cross-domain Policy with Untrusted Domains
    OWASP:
    - A05:2021 - Security Misconfiguration

    Ensure that Data Lake Store accounts enables encryption
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    Ensure MySQL is using the latest version of TLS encryption
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    Ensure that key vault key is backed by HSM
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    Ensure that Azure Data factory public network access is disabled
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    Ensure that SQL server disables public network access
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that Service Fabric uses the three levels of protection available
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-320: CWE CATEGORY: Key Management Errors
    OWASP:
    - A03:2017 - Sensitive Data Exposure

    Ensure that remote debugging is not enabled for app services
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that Virtual machine does not enable password authentication
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that no custom subscription owner roles are created
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure PostgreSQL is using the latest version of TLS encryption
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that Azure Event Grid Domain public network access is disabled
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control
