CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
  • Join Community
Start Here
  • What is CodeAnt?
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
      • Aws
      • Azure
        • Best practice
        • Security
        • Security
          • Aks
          • Apiservice
          • Appservice
          • Functionapp
          • Keyvault
          • Storage
      • Gcp
      • Lang
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Security

Appservice

appservice-use-secure-tls-policy

Detected an AppService that was not configured to use TLS 1.2. Add site_config.min_tls_version = "1.2" in your resource block.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

azure-appservice-auth

Ensure App Service Authentication is set on Azure App Service
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

appservice-authentication-enabled

Enabling authentication ensures that all communications in the application are authenticated. The auth_settings block needs to be filled out with the appropriate auth backend settings
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-287: Improper Authentication
OWASP:
- A02:2017 - Broken Authentication
- A07:2021 - Identification and Authentication Failures

azure-appservice-identity

Ensure App Service Authentication is set on Azure App Service
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-appservice-client-certificate

Ensure the web app has Client Certificates
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

appservice-enable-https-only

By default, clients can connect to App Service by using both HTTP or HTTPS. HTTP should be disabled enabling the HTTPS Only setting.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

appservice-account-identity-registered

Registering the identity used by an App with AD allows it to interact with other services without using username and password. Set the identity block in your appservice.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-287: Improper Authentication
OWASP:
- A02:2017 - Broken Authentication
- A07:2021 - Identification and Authentication Failures

azure-appservice-disallowed-cors

Ensure that CORS disallows every resource to access app services
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-942: Permissive Cross-domain Policy with Untrusted Domains
OWASP:
- A05:2021 - Security Misconfiguration

appservice-require-client-cert

Detected an AppService that was not configured to use a client certificate. Add client_cert_enabled = true in your resource block.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-295: Improper Certificate Validation
OWASP:
- A03:2017 - Sensitive Data Exposure
- A07:2021 - Identification and Authentication Failures

appservice-enable-http2

Use the latest version of HTTP to ensure you are benefiting from security fixes. Add http2_enabled = true to your appservice resource block
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’)
OWASP:
- A04:2021 - Insecure Design

azure-appservice-detailed-errormessages-enabled

Ensure that App service enables detailed error messages
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-778: Insufficient Logging
OWASP:
- A10:2017 - Insufficient Logging & Monitoring
- A09:2021 - Security Logging and Monitoring Failures

azure-appservice-enabled-failed-request

Ensure that App service enables failed request tracing
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-778: Insufficient Logging
OWASP:
- A10:2017 - Insufficient Logging & Monitoring
- A09:2021 - Security Logging and Monitoring Failures

azure-appservice-identityprovider-enabled

Ensure that Managed identity provider is enabled for app services
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-appservice-http-logging-enabled

Ensure that App service enables HTTP logging
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-778: Insufficient Logging
OWASP:
- A10:2017 - Insufficient Logging & Monitoring
- A09:2021 - Security Logging and Monitoring Failures

azure-appservice-https-only

Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

azure-appservice-min-tls-version

Ensure web app is using the latest version of TLS encryption
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
ApiserviceFunctionapp
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.