Vulnerabilities
Misconfiguration
Runtime Security
Compliance
Azure > Appservice >

Use Secure Tls Policy

HIGH
Source
Trivy/CSPM
CSPM ID
tls-version-check
ID
AVD-AZU-0006
management_console terraform

Web App uses latest TLS version

Use a more recent TLS/SSL policy for the App Service

Impact

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the Microsoft Azure Management Console.

  2. Find the search bar at the top and search for App Services. Step

  3. Select the “App Service” by clicking on “Name” to go to its configuration.Step

  4. Scroll down the selected “App Services” left navigation panel and under “Settings” click on the “TLS/SSL settings” option.Step

  5. On the “TLS/SSL settings” page select the Bindings tab, scroll down and under the “Protocol Settings” check the “Minimum TLS Version”. It’s recommended to use only latest version (1.2) of TLS.Step

  6. If the “App Service” is not using the latest version of the TLS then select 1.2 from the slider.Step

  7. Wait for the confirmation box to save changes.Step

  8. Repeat steps number 3 - 7 to verify all other “Apps” are using latest TLS version in the account.

The TLS version being outdated and has known vulnerabilities

1
2
3
4
5
6
7

 resource "azurerm_app_service" "good_example" {
   name                = "example-app-service"
   location            = azurerm_resource_group.example.location
   resource_group_name = azurerm_resource_group.example.name
   app_service_plan_id = azurerm_app_service_plan.example.id
 }
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use