Azure Connection Throttling Disabled
Description
Detects when connection throttling is disabled on Azure PostgreSQL databases. Connection throttling is a critical security control that prevents denial of service attacks by limiting concurrent connections from individual IP addresses. When disabled, databases may be vulnerable to connection flooding attacks.
Detection Strategy
• Queries the Azure PostgreSQL database configuration settings for each database instance
• Checks if the 'connection_throttling' parameter is set to 'off' (case-insensitive)
• Reports a vulnerability when connection throttling is disabled, including the database resource ID and configuration value
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.