functionapp-authentication-enabled
functionapp-authentication-enabled
Enabling authentication ensures that all communications in the application are authenticated. The
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-287: Improper Authentication
OWASP:
- A02:2017 - Broken Authentication
- A07:2021 - Identification and Authentication Failures
auth_settings block needs to be filled out with the appropriate auth backend settingsLikelihood: LOW
Confidence: LOW
CWE:
- CWE-287: Improper Authentication
OWASP:
- A02:2017 - Broken Authentication
- A07:2021 - Identification and Authentication Failures
functionapp-enable-http2
functionapp-enable-http2
Use the latest version of HTTP to ensure you are benefiting from security fixes. Add
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’)
OWASP:
- A04:2021 - Insecure Design
http2_enabled = true to your function app resource blockLikelihood: LOW
Confidence: LOW
CWE:
- CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’)
OWASP:
- A04:2021 - Insecure Design