Azure App Service Automated Backup Not Configured
ID: azure-appservice-backup-not-enabled
Severity: medium
Author: princechaddha
Tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config
Description
Section titled “Description”Ensure that Backup and Restore feature is enabled and configured to create custom backups for your Microsoft Azure App Service applications.
YAML Source
Section titled “YAML Source”id: azure-appservice-backup-not-enabledinfo: name: Azure App Service Automated Backup Not Configured author: princechaddha severity: medium description: | Ensure that Backup and Restore feature is enabled and configured to create custom backups for your Microsoft Azure App Service applications. impact: | If Automated Backups are not enabled and configured, it may lead to potential data loss and non-compliance with regulatory requirements. remediation: | Enable and configure the Backup and Restore feature for Azure App Services applications through the Azure portal or Azure CLI to ensure compliance and data integrity. reference: - https://docs.microsoft.com/en-us/azure/app-service/manage-backup tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config
flow: | code(1); for (let AppServiceData of iterate(template.appServiceList)) { AppServiceData = JSON.parse(AppServiceData); set("name", AppServiceData.name); set("resourceGroup", AppServiceData.resourceGroup); code(2); }
self-contained: truecode: - engine: - sh - bash source: | az webapp list --output json --query '[*].{name:name, resourceGroup:resourceGroup}'
extractors: - type: json name: appServiceList internal: true json: - '.[]'
- engine: - sh - bash source: | az webapp config backup show --webapp-name $name --resource-group $resourceGroup --output json
matchers: - type: word part: stderr words: - "Backup configuration not found"
extractors: - type: dsl dsl: - 'name + " in " + resourceGroup + " does not have automated backups enabled"'# digest: 4b0a004830460221009023e345006bc362d6981677ef17287bdc886372a95eab24ea1d0252198aa0e1022100e1c13f7deb35af6eec29d45e919773bcf7ee455dac2a32a8ed1cd7ca3fe89316:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "cloud/azure/appservice/azure-appservice-backup-not-enabled.yaml"