Benchmark: 9 AppService
Overview
This section covers security recommendations for Azure AppService.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 9 AppService.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v300_9
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v300_9 --share
Controls
- 9.1 Ensure 'HTTPS Only' is set to `On`
- 9.2 Ensure App Service Authentication is set up for apps in Azure App Service
- 9.3 Ensure 'FTP State' is set to 'FTPS Only' or 'Disabled'
- 9.4 Ensure Web App is using the latest version of TLS encryption
- 9.5 Ensure that Register with Entra ID is enabled on App Service
- 9.6 Ensure that 'Basic Authentication' is 'Disabled'
- 9.7 Ensure that 'PHP version' is currently supported (if in use)
- 9.8 Ensure that 'Python version' is currently supported (if in use)
- 9.9 Ensure that 'Java version' is currently supported (if in use)
- 9.10 Ensure that 'HTTP20enabled' is set to 'true' (if in use)
- 9.11 Ensure Azure Key Vaults are Used to Store Secrets
- 9.12 Ensure that 'Remote debugging' is set to 'Off'