55 lines
1.9 KiB
YAML
55 lines
1.9 KiB
YAML
id: azure-appservice-tls-latest-version-missing
|
|
info:
|
|
name: Azure App Service TLS Latest Version Not Configured
|
|
author: princechaddha
|
|
severity: medium
|
|
description: |
|
|
Ensure that all Microsoft Azure App Service web applications are using the latest version of TLS encryption protocol to secure the applications traffic over the Internet and comply with the industry standards. This check verifies if the minimum TLS version configured is not "1.2", indicating that the latest version of TLS is not used.
|
|
impact: |
|
|
Using an outdated TLS version can expose the application to security vulnerabilities and non-compliance with industry standards.
|
|
remediation: |
|
|
Configure the minimum TLS version to "1.2" in the Azure App Service settings to ensure data is encrypted with the latest security standards.
|
|
reference:
|
|
- https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-bindings#enforce-https
|
|
tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config
|
|
|
|
flow: |
|
|
code(1);
|
|
for (let appData of iterate(template.appList)) {
|
|
appData = JSON.parse(appData);
|
|
set("id", appData.id);
|
|
code(2);
|
|
}
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
az webapp list --output json --query '[*].{id:id}'
|
|
|
|
extractors:
|
|
- type: json
|
|
name: appList
|
|
internal: true
|
|
json:
|
|
- '.[]'
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
az webapp config show --ids $id --query 'minTlsVersion' --output json
|
|
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "1.2"
|
|
negative: true
|
|
|
|
extractors:
|
|
- type: dsl
|
|
dsl:
|
|
- 'id + " does not have the latest TLS version configured"'
|
|
# digest: 4a0a0047304502205b893e41caac893c10fa30a952a55004973238e31f21bb1bf2eea5e458f43b6f022100be4117c46dd7103ef5f8ae7a8aed45224efa375088a3044d75159f29c0a245c1:922c64590222798bb761d5b6d8e72950 |