Azure Api Management Public Network Access Enabled
Description
Detects Azure API Management services that have public network access enabled, which allows the API management endpoint to be accessed from the public internet. This configuration may increase the attack surface by exposing API management functionality to untrusted networks.
Detection Strategy
• Scans all Azure API Management services in the subscription
• Reports a vulnerability if the 'public_network_access' setting is explicitly set to 'Enabled'
• Each vulnerable API Management service is reported individually with its resource ID and current public access configuration
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.