functionapp-authentication-enabled
Enabling authentication ensures that all communications in the application are authenticated. The auth_settings
block needs to be filled out with the appropriate auth backend settings
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-287: Improper Authentication
OWASP:
- A02:2017 - Broken Authentication
- A07:2021 - Identification and Authentication Failures
functionapp-enable-http2
Use the latest version of HTTP to ensure you are benefiting from security fixes. Add http2_enabled = true
to your function app resource block
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’)
OWASP:
- A04:2021 - Insecure Design
functionapp-authentication-enabled
Enabling authentication ensures that all communications in the application are authenticated. The auth_settings
block needs to be filled out with the appropriate auth backend settings
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-287: Improper Authentication
OWASP:
- A02:2017 - Broken Authentication
- A07:2021 - Identification and Authentication Failures
functionapp-enable-http2
Use the latest version of HTTP to ensure you are benefiting from security fixes. Add http2_enabled = true
to your function app resource block
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’)
OWASP:
- A04:2021 - Insecure Design