    Security

    Appservice

    appservice-use-secure-tls-policy

    Detected an AppService that was not configured to use TLS 1.2. Add site_config.min_tls_version = "1.2" in your resource block.
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    azure-appservice-auth

    Ensure App Service Authentication is set on Azure App Service
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    appservice-authentication-enabled

    Enabling authentication ensures that all communications in the application are authenticated. The auth_settings block needs to be filled out with the appropriate auth backend settings.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-287: Improper Authentication
    OWASP:
    - A02:2017 - Broken Authentication
    - A07:2021 - Identification and Authentication Failures

    azure-appservice-identity

    Ensure App Service Authentication is set on Azure App Service
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    azure-appservice-client-certificate

    Ensure the web app has Client Certificates
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    appservice-enable-https-only

    By default, clients can connect to App Service by using either HTTP or HTTPS. HTTP should be disabled by enabling the HTTPS Only setting.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-319: Cleartext Transmission of Sensitive Information
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    appservice-account-identity-registered

    Registering the identity used by an App with AD allows it to interact with other services without using username and password. Set the identity block in your appservice.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-287: Improper Authentication
    OWASP:
    - A02:2017 - Broken Authentication
    - A07:2021 - Identification and Authentication Failures

    azure-appservice-disallowed-cors

    Ensure that CORS does not allow every resource to access app services
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-942: Permissive Cross-domain Policy with Untrusted Domains
    OWASP:
    - A05:2021 - Security Misconfiguration

    appservice-require-client-cert

    Detected an AppService that was not configured to use a client certificate. Add client_cert_enabled = true in your resource block.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-295: Improper Certificate Validation
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A07:2021 - Identification and Authentication Failures

    appservice-enable-http2

    Use the latest version of HTTP to ensure you are benefiting from security fixes. Add http2_enabled = true to your appservice resource block.
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’)
    OWASP:
    - A04:2021 - Insecure Design

    azure-appservice-detailed-errormessages-enabled

    Ensure that App service enables detailed error messages
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-778: Insufficient Logging
    OWASP:
    - A10:2017 - Insufficient Logging & Monitoring
    - A09:2021 - Security Logging and Monitoring Failures

    azure-appservice-enabled-failed-request

    Ensure that App service enables failed request tracing
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-778: Insufficient Logging
    OWASP:
    - A10:2017 - Insufficient Logging & Monitoring
    - A09:2021 - Security Logging and Monitoring Failures

    azure-appservice-identityprovider-enabled

    Ensure that Managed identity provider is enabled for app services
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    azure-appservice-http-logging-enabled

    Ensure that App service enables HTTP logging
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-778: Insufficient Logging
    OWASP:
    - A10:2017 - Insufficient Logging & Monitoring
    - A09:2021 - Security Logging and Monitoring Failures

    azure-appservice-https-only

    Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-319: Cleartext Transmission of Sensitive Information
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    azure-appservice-min-tls-version

    Ensure web app is using the latest version of TLS encryption
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures