Azure Storage Static Website Configuration Review
ID: azure-storage-static-website-review
Severity: medium
Author: princechaddha
Tags: cloud,devops,azure,microsoft,storage-account,azure-cloud-config
Description
Section titled “Description”Ensure that all the Microsoft Azure Storage accounts configured to host static websites are regularly reviewed for security and compliance purposes. Upon enabling this rule on your Cloud Conformity console, you must specify the storage account or the list of storage accounts that are expected to host static content (HTML, CSS, JavaScript, and image files).
YAML Source
Section titled “YAML Source”id: azure-storage-static-website-reviewinfo: name: Azure Storage Static Website Configuration Review author: princechaddha severity: medium description: | Ensure that all the Microsoft Azure Storage accounts configured to host static websites are regularly reviewed for security and compliance purposes. Upon enabling this rule on your Cloud Conformity console, you must specify the storage account or the list of storage accounts that are expected to host static content (HTML, CSS, JavaScript, and image files). impact: | Failing to review storage accounts hosting static websites can lead to potential security risks and non-compliance with data handling standards. remediation: | Regularly review your Azure Storage accounts that host static websites and ensure they comply with security and data protection standards. reference: - https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website tags: cloud,devops,azure,microsoft,storage-account,azure-cloud-config
flow: | code(1); for (let accountData of iterate(template.accountList)) { accountData = JSON.parse(accountData); set("name", accountData.Name); code(2); }
self-contained: truecode: - engine: - sh - bash source: | az storage account list --query '[*].{"Name":name}'
extractors: - type: json name: accountList internal: true json: - '.[]'
- engine: - sh - bash source: | az storage blob service-properties show --account-name "$name" --query 'staticWebsite.enabled'
matchers-condition: and matchers: - type: word words: - 'true'
extractors: - type: dsl dsl: - 'name + " is configured to host static websites"'# digest: 4b0a00483046022100c3d64734e30f3a30c17a43790cf744f19f44e1028c933c8d5d86d2aeb3be3fc70221008863ddfecdf39a9ac4ae639a682f6b260c2e1cdd3bdb0266c2c3555971f2e41f:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "cloud/azure/storageaccounts/azure-storage-static-website-review.yaml"