Fluid Attacks Database

Description

Detects Azure Function Apps that have critical logging features disabled. Disabled logging can impair security monitoring, incident investigation, and compliance requirements by limiting visibility into application errors and incoming requests.

Weakness:

446 - Insecure service configuration - Azure

Category: Functionality Abuse

Detection Strategy

• Checks if detailed error logging is disabled (detailed_error_logging_enabled = false) for the Function App

• Checks if HTTP request tracing is disabled (request_tracing_enabled = false) for the Function App

• Reports a vulnerability if either or both logging features are disabled

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.