Skip to main content
Enabling authentication ensures that all communications in the application are authenticated. The auth_settings block needs to be filled out with the appropriate auth backend settings
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-287: Improper Authentication
OWASP:
- A02:2017 - Broken Authentication
- A07:2021 - Identification and Authentication Failures
Use the latest version of HTTP to ensure you are benefiting from security fixes. Add http2_enabled = true to your function app resource block
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’)
OWASP:
- A04:2021 - Insecure Design
I