prevasio-web-app
Region: eastus
Overview
Critical
0High
1Medium
5Low
3Informational
0Security issues (9)
| Severity | Non-Compliance | Issue | Remediation | Read more | Action |
|---|---|---|---|---|---|
| Medium | — | App Service has Always On feature disabled. | To prevent your websites/web applications from being idled out due to inactivity and to keep them loaded even when there's no traffic, ensure that your App Services have Always On feature enabled. | More info | |
| Medium | CIS 9.1 PCI DSS 10.2 HIPAA (Audit) | App Service has Authentication feature disabled. | To add an extra layer of security to the authentication process, ensure that your App Services have Authentication feature enabled. | More info | |
| High | — | Web application has remote debugging enabled. | To enhance security and protect the applications from unauthorized access, ensure that your App Services web applications have remote debugging disabled. | More info | |
| Low | CIS 9.9 | App Service is not using the latest version of the HTTP protocol (HTTP 2.0). | To make your web applications load faster, enable HTTP 2.0 for your App Services. | More info | |
| Medium | CIS 9.3 PCI DSS (Old Protocols) | App Service has TLS version 1.1, which is lower than the desired TLS version 1.2. | To comply with the industry standards, ensure TLS 1.2 or higher is used for all TLS connections to App Services. | More info | |
| Low | — | App Service uses Java 8u232, while the latest version of Java is 11. | To take advantage of the latest security fixes, performance improvements, and new functionalities and features, ensure that all App Service web applications developed with Java use the latest available version of Java. | More info | |
| Medium | CIS 9.4 | App Service is not configured to use an SSL certificate to authenticate incoming client requests. | To configure the App Services to use an SSL certificate for incoming requests, enable "Incoming client certificates" configuration setting. | More info | |
| Medium | CIS 9.2 PCI DSS 4.2 HIPAA (Encryption) | App Service is not enforcing HTTPS-only traffic. | To redirect all non-secure HTTP requests to HTTPS so that the traffic between the web application servers and the application clients cannot be decrypted, enforce HTTPS-only traffic for your App Services. | More info | |
| Low | — | App Service does not have a managed identity assigned. | To allow your app to easily access other AD-protected resources such as Azure Key Vault, assign a managed identity for your App Services. | More info |