Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
Azure
Loading resources...

Resource Type: Azure > App Service > Web App

The Web App resource type enables developers to host and manage web applications, RESTful APIs, and backend services in a fully managed environment. It abstracts infrastructure management, allowing users to focus on application development.

Resource Context

Web App is a part of the App Service service.

Each Web App lives under a Resource Group.

Controls

The primary controls for Azure > App Service > Web App are:

  • Active
  • Allowed
  • Approved
  • Client Certificate Mode
  • CMDB
  • Discovery
  • FTPS State
  • HTTP 2.0 Enabled
  • HTTPS Only
  • Minimum TLS Version
  • ServiceNow
  • System Assigned Identity
  • Tags

It is also targeted by these controls:

  • Azure > CIS v1 > 9 Application Services > 9.01 Ensure App Service Authentication is set on Azure App Service (Scored)
  • Azure > CIS v1 > 9 Application Services > 9.02 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service (Scored)
  • Azure > CIS v1 > 9 Application Services > 9.03 Ensure web app is using the latest version of TLS encryption (Scored)
  • Azure > CIS v1 > 9 Application Services > 9.04 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' (Scored)
  • Azure > CIS v1 > 9 Application Services > 9.05 Ensure that Register with Azure Active Directory is enabled on App Service (Scored)
  • Azure > CIS v1 > 9 Application Services > 9.06 Ensure that '.Net Framework' version is the latest, if used as a part of the web app (Not Scored)
  • Azure > CIS v1 > 9 Application Services > 9.07 Ensure that 'PHP version' is the latest, if used to run the web app (Not Scored)
  • Azure > CIS v1 > 9 Application Services > 9.08 Ensure that 'Python version' is the latest, if used to run the web app (Not Scored)
  • Azure > CIS v1 > 9 Application Services > 9.09 Ensure that 'Java version' is the latest, if used to run the web app (Not Scored)
  • Azure > CIS v1 > 9 Application Services > 9.10 Ensure that 'HTTP Version' is the latest, if used to run the web app (Not Scored)
  • Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.07 - Ensure that logging for Azure AppService 'HTTP logs' is enabled
  • Azure > CIS v2.0 > 09 - Application Services > 9.01 - Ensure App Service Authentication is set up for apps in Azure App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.02 - Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.03 - Ensure Web App is using the latest version of TLS encryption
  • Azure > CIS v2.0 > 09 - Application Services > 9.04 - Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'
  • Azure > CIS v2.0 > 09 - Application Services > 9.05 - Ensure that Register with Azure Active Directory is enabled on App Service
  • Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.09 - Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App
  • Azure > CIS v2.0 > 09 - Application Services > 9.10 - Ensure FTP deployments are Disabled
  • Azure > CIS v3.0 > 06 - Logging & Monitoring > 06.01 - Configuring Diagnostic Settings > 06.01.06 - Ensure that logging for Azure AppService 'HTTP logs' is enabled
  • Azure > CIS v3.0 > 09 - Application Services > 09.01 - Ensure 'HTTPS Only' is set to `On`
  • Azure > CIS v3.0 > 09 - Application Services > 09.02 - Ensure App Service Authentication is set up for apps in Azure App Service
  • Azure > CIS v3.0 > 09 - Application Services > 09.03 - Ensure 'FTP State' is set to 'FTPS Only' or 'Disabled'
  • Azure > CIS v3.0 > 09 - Application Services > 09.04 - Ensure Web App is using the latest version of TLS encryption
  • Azure > CIS v3.0 > 09 - Application Services > 09.05 - Ensure that Register with Entra ID is enabled on App Service
  • Azure > CIS v3.0 > 09 - Application Services > 09.06 - Ensure that 'Basic Authentication' is 'Disabled'
  • Azure > CIS v3.0 > 09 - Application Services > 09.07 - Ensure that 'PHP version' is currently supported (if in use)
  • Azure > CIS v3.0 > 09 - Application Services > 09.08 - Ensure that 'Python version' is currently supported (if in use)
  • Azure > CIS v3.0 > 09 - Application Services > 09.09 - Ensure that 'Java version' is currently supported (if in use)
  • Azure > CIS v3.0 > 09 - Application Services > 09.10 - Ensure that 'HTTP20enabled' is set to 'true' (if in use)
  • Azure > CIS v3.0 > 09 - Application Services > 09.12 - Ensure that 'Remote debugging' is set to 'Off'
  • Azure > CIS v4.0 > 07 - Management and Governance > 07.01 - Logging and Monitoring > 07.01.01 - Configuring Diagnostic Settings > 07.01.01.06 - Ensure that logging for Azure AppService 'HTTP logs' is enabled
  • Azure > CIS v5.0 > 6 - Management and Governance Services > 6.01 - Logging and Monitoring > 6.01.01 - Configuring Diagnostic Settings > 6.01.01.06 - Ensure that logging for Azure AppService 'HTTP logs' is enabled

Quick Actions

  • Delete
  • Router
  • Set Client Certificate Mode
  • Set FTPS State
  • Set HTTP 2.0 Enabled
  • Set HTTPS Only
  • Set Minimum TLS Version
  • Set System Assigned Identity
  • Set Tags

Category

  • Compute

In Your Workspace

  • Controls by Resource Type report
  • Policy Settings by Resource Type report
  • Resources by Resource Type report

Developers

    Resource Type URI
    • tmod:@turbot/azure-appservice#/resource/types/webApp
    • Category URI
    • tmod:@turbot/turbot#/resource/categories/compute
    • GraphQL
    • query resource(id: "tmod:@turbot/azure-appservice#/resource/types/webApp") { … }
    • query resourceActivities(filter: "resourceId:'tmod:@turbot/azure-appservice#/resource/types/webApp'") { … }
    • mutation createResource(input: { … })
    • mutation updateResource(input: { … })
    • CLI
    • Get Resource
    • turbot graphql resource --id "tmod:@turbot/azure-appservice#/resource/types/webApp"
    • Steampipe Query
    • Get Resource
    • select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/azure-appservice#/resource/types/webApp';
      • Get Policy Settings (By Resource ID)
    • select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/azure-appservice#/resource/types/webApp"';
      • Get Resource Notification
    • select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/azure-appservice#/resource/types/webApp' and notification_type in ('resource_updated', 'resource_created');
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
50
Mods
204
Resource Types
3,575
Policies
1,941
Controls
103
Quick Actions
111
IAM