Enabling authentication ensures that all communications in the application are authenticated. The auth_settings block needs to be filled out with the appropriate auth backend settings Likelihood: LOW Confidence: LOW CWE: - CWE-287: Improper Authentication
OWASP: - A02:2017 - Broken Authentication
- A07:2021 - Identification and Authentication Failures
functionapp-enable-http2
Use the latest version of HTTP to ensure you are benefiting from security fixes. Add http2_enabled = true to your function app resource block Likelihood: LOW Confidence: LOW CWE: - CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’)
OWASP: - A04:2021 - Insecure Design