Azure Web

Overview
Critical
1
High
1
Medium
5
Low
3
Informational
0
Security issues (10)
Severity Non-Compliance Region Resource Issue Remediation Read more Action
Medium eastus prevasio-web-app App Service has Always On feature disabled. To prevent your websites/web applications from being idled out due to inactivity and to keep them loaded even when there's no traffic, ensure that your App Services have Always On feature enabled. More info
Medium CIS 9.1 PCI DSS 10.2 HIPAA (Audit) eastus prevasio-web-app App Service has Authentication feature disabled. To add an extra layer of security to the authentication process, ensure that your App Services have Authentication feature enabled. More info
High eastus prevasio-web-app Web application has remote debugging enabled. To enhance security and protect the applications from unauthorized access, ensure that your App Services web applications have remote debugging disabled. More info
Low CIS 9.9 eastus prevasio-web-app App Service is not using the latest version of the HTTP protocol (HTTP 2.0). To make your web applications load faster, enable HTTP 2.0 for your App Services. More info
Medium CIS 9.3 PCI DSS (Old Protocols) eastus prevasio-web-app App Service has TLS version 1.1, which is lower than the desired TLS version 1.2. To comply with the industry standards, ensure TLS 1.2 or higher is used for all TLS connections to App Services. More info
Low eastus prevasio-web-app App Service uses Java 8u232, while the latest version of Java is 11. To take advantage of the latest security fixes, performance improvements, and new functionalities and features, ensure that all App Service web applications developed with Java use the latest available version of Java. More info
Medium CIS 9.4 eastus prevasio-web-app App Service is not configured to use an SSL certificate to authenticate incoming client requests. To configure the App Services to use an SSL certificate for incoming requests, enable "Incoming client certificates" configuration setting. More info
Medium CIS 9.2 PCI DSS 4.2 HIPAA (Encryption) eastus prevasio-web-app App Service is not enforcing HTTPS-only traffic. To redirect all non-secure HTTP requests to HTTPS so that the traffic between the web application servers and the application clients cannot be decrypted, enforce HTTPS-only traffic for your App Services. More info
Low eastus prevasio-web-app App Service does not have a managed identity assigned. To allow your app to easily access other AD-protected resources such as Azure Key Vault, assign a managed identity for your App Services. More info
Critical eastus prevasio.click-prevasio-web-app App Service certificate has expired 3 days ago. Make sure App Service certificates are configured to be auto-renewed. More info
App Services (1)
App service name Location Resource group Hostname Pricing tier Status Security issues
prevasio-web-appEast USprevasio-web-app_group prevasio.click
prevasio-web-app.azurewebsites.net
PremiumV2 Running 1 High + 8 others (details)
Private Key Certificates (1)
Certificate name Location Resource group Hostname Expires Thumbprint Security issues
prevasio.click-prevasio-web-appEast USprevasio-web-app_group prevasio.click 546E81B1AC6E5D5DD5AB8BDEB4F3FCC36208B34B 1 Critical (details)