Benchmark: App Service
Description
This benchmark provides a set of controls that detect Terraform Azure App Service resources deviating from security best practices.
Usage
Browse dashboards and select App Service:
steampipe dashboard
Or run the benchmarks in your terminal:
steampipe check terraform_azure_compliance.benchmark.appservice
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share terraform_azure_compliance.benchmark.appservice
Controls
- App Service Environment should enable internal encryption
- Ensure App Service Authentication is set on Azure App Service
- Azure Defender for App Service should be enabled
- Ensure FTP deployments are disabled
- Function apps should have 'Client Certificates (Incoming client certificates)' enabled
- CORS should not allow every resource to access your Function Apps
- FTPS only should be required in your Function App
- Ensure that 'HTTP Version' is the latest, if used to run the Function app
- Ensure that 'Java version' is the latest, if used as a part of the Function app
- Ensure that 'Python version' is the latest, if used as a part of the Function app
- Latest TLS version should be used in your Function App
- Function App should only be accessible over HTTPS
- Managed identity should be used in your Function App
- Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'
- CORS should not allow every resource to access your Web Applications
- Diagnostic logs in App Services should be enabled
- FTPS should be required in your Web App
- Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'
- Ensure that 'HTTP Version' is the latest, if used to run the Web app
- Ensure that 'Java version' is the latest, if used as a part of the Web app
- Ensure that 'PHP version' is the latest, if used as a part of the WEB app
- Ensure that 'Python version' is the latest, if used as a part of the Web app
- Latest TLS version should be used in your Web App
- Ensure that Register with Azure Active Directory is enabled on App Service
- Remote debugging should be turned off for Web Applications
- Web Application should only be accessible over HTTPS
- App Service should use a virtual network service endpoint
- Managed identity should be used in your Web App