    Security

    Appservice

    Detected an AppService that was not configured to use TLS 1.2. Add site_config.min_tls_version = "1.2" in your resource block.
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    Ensure App Service Authentication is set on Azure App Service
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Enabling authentication ensures that all communications with the application are authenticated. The auth_settings block needs to be filled out with the appropriate auth backend settings.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-287: Improper Authentication
    OWASP:
    - A02:2017 - Broken Authentication
    - A07:2021 - Identification and Authentication Failures

    Ensure the web app has Client Certificates
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    By default, clients can connect to App Service using either HTTP or HTTPS. HTTP should be disabled by enabling the HTTPS Only setting.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-319: Cleartext Transmission of Sensitive Information
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    Registering the identity used by an App with AD allows it to interact with other services without using a username and password. Set the identity block in your appservice.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-287: Improper Authentication
    OWASP:
    - A02:2017 - Broken Authentication
    - A07:2021 - Identification and Authentication Failures

    Ensure that CORS does not allow every resource to access app services
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-942: Permissive Cross-domain Policy with Untrusted Domains
    OWASP:
    - A05:2021 - Security Misconfiguration

    Detected an AppService that was not configured to use a client certificate. Add client_cert_enabled = true in your resource block.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-295: Improper Certificate Validation
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A07:2021 - Identification and Authentication Failures

    Use the latest version of HTTP to ensure you are benefiting from security fixes. Add http2_enabled = true to your appservice resource block.
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’)
    OWASP:
    - A04:2021 - Insecure Design

    Ensure that App service enables detailed error messages
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-778: Insufficient Logging
    OWASP:
    - A10:2017 - Insufficient Logging & Monitoring
    - A09:2021 - Security Logging and Monitoring Failures

    Ensure that App service enables failed request tracing
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-778: Insufficient Logging
    OWASP:
    - A10:2017 - Insufficient Logging & Monitoring
    - A09:2021 - Security Logging and Monitoring Failures

    Ensure that Managed identity provider is enabled for app services
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Ensure that App service enables HTTP logging
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-778: Insufficient Logging
    OWASP:
    - A10:2017 - Insufficient Logging & Monitoring
    - A09:2021 - Security Logging and Monitoring Failures

    Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-319: Cleartext Transmission of Sensitive Information
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    Ensure web app is using the latest version of TLS encryption
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures
