Azure App Service TLS Latest Version Not Configured
ID: azure-appservice-tls-latest-version-missing
Severity: medium
Author: princechaddha
Tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config
Description
Section titled “Description”Ensure that all Microsoft Azure App Service web applications are using the latest version of TLS encryption protocol to secure the applications traffic over the Internet and comply with the industry standards. This check verifies if the minimum TLS version configured is not “1.2”, indicating that the latest version of TLS is not used.
YAML Source
Section titled “YAML Source”id: azure-appservice-tls-latest-version-missinginfo: name: Azure App Service TLS Latest Version Not Configured author: princechaddha severity: medium description: | Ensure that all Microsoft Azure App Service web applications are using the latest version of TLS encryption protocol to secure the applications traffic over the Internet and comply with the industry standards. This check verifies if the minimum TLS version configured is not "1.2", indicating that the latest version of TLS is not used. impact: | Using an outdated TLS version can expose the application to security vulnerabilities and non-compliance with industry standards. remediation: | Configure the minimum TLS version to "1.2" in the Azure App Service settings to ensure data is encrypted with the latest security standards. reference: - https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-bindings#enforce-https tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config
flow: | code(1); for (let appData of iterate(template.appList)) { appData = JSON.parse(appData); set("id", appData.id); code(2); }
self-contained: truecode: - engine: - sh - bash source: | az webapp list --output json --query '[*].{id:id}'
extractors: - type: json name: appList internal: true json: - '.[]'
- engine: - sh - bash source: | az webapp config show --ids $id --query 'minTlsVersion' --output json
matchers: - type: word words: - "1.2" negative: true
extractors: - type: dsl dsl: - 'id + " does not have the latest TLS version configured"'# digest: 4a0a0047304502206a8f7d5ace61664435da4a71433913e520f5ad3007b68bb248d425e8f5c2d7ee022100ba22fba1b1d3c62be7fa3adb962ec8ca9752350d5005b3d9a59375ccef6e2c3d:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "cloud/azure/appservice/azure-appservice-tls-latest-version-missing.yaml"