Benchmark: 9 AppService
Overview
This section covers security recommendations for Azure AppService.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 9 AppService.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v150_9
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v150_9 --share
Controls
- 9.1 Ensure App Service Authentication is set up for apps in Azure App Service
- 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service
- 9.3 Ensure web app is using the latest version of TLS encryption
- 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'
- 9.5 Ensure that Register with Azure Active Directory is enabled on App Service
- 9.6 Ensure that 'PHP version' is the latest, if used to run the web app
- 9.7 Ensure that 'Python version' is the latest stable version, if used to run the web app
- 9.8 Ensure that 'Java version' is the latest, if used to run the web app
- 9.9 Ensure that 'HTTP Version' is the latest, if used to run the web app
- 9.10 Ensure FTP deployments are disabled
- 9.11 Ensure Azure Keyvaults are used to store secrets