Ensure Azure App service slot has debugging disabled
Error: Azure App service slot does not have debugging disabled
Bridgecrew Policy ID: BC_AZR_NETWORKING_58
Checkov Check ID: CKV_AZURE_155
Severity: LOW
Azure App service slot does not have debugging disabled
Description
Disabling debugging for your Azure App Service slot can help improve the security of your app. Debugging allows you to troubleshoot issues with your app by providing access to detailed information about how the app is functioning. However, it can also make it easier for attackers to gain access to sensitive information about your app, such as its code and configuration.
Fix - Runtime
Fix - Buildtime
Terraform
- Resource: azurerm_app_service_slot
- Argument: remote_debugging_enabled (default is false)
resource "azurerm_app_service_slot" "pass2" {
name = "ted"
app_service_name = azurerm_app_service.example.name
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
https_only = false #thedefault
site_config {
dotnet_framework_version = "v4.0"
min_tls_version = "1.2" #the default is 1.2
remote_debugging_enabled = false #default is false
}
app_settings = {
"SOME_KEY" = "some-value"
}
connection_string {
name = "Database"
type = "SQLServer"
value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
}
}
Updated 3 months ago