Azure Only Default Host Keys
Description
Detects Azure Function Apps that are only using default host-level keys without any custom function-level keys defined. This configuration may indicate insufficient access control granularity, as it relies solely on the master key rather than implementing function-specific access controls.
Detection Strategy
• Function App has only the default master key configured without any custom function keys defined
• The function_keys property is empty ({})
• The Function App still has a master key present but no function-specific keys
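The check described above, written out as an added example (not Fluid Attacks' own implementation). It assumes each Function App's host keys have already been exported to a dictionary; `function_keys` is the property named above, while the `master_key` field name, the `name`/`host_keys` wrapper and the sample inventory are assumptions of this example.

```python
from typing import Any

# Constructed sample inventory; app names and key values are placeholders.
SAMPLE_APPS = [
    {"name": "func-orders",
     "host_keys": {"master_key": "<redacted>", "function_keys": {}}},
    {"name": "func-billing",
     "host_keys": {"master_key": "<redacted>",
                   "function_keys": {"partner-a": "<redacted>"}}},
    # A missing/None function_keys value is treated the same as {}.
    {"name": "func-legacy",
     "host_keys": {"master_key": "<redacted>", "function_keys": None}},
    # No master key present: outside the condition this rule describes.
    {"name": "func-nokeys",
     "host_keys": {"master_key": None, "function_keys": {}}},
]


def only_default_host_keys(host_keys: dict[str, Any]) -> bool:
    """True when a master key is present and function_keys is empty."""
    master = host_keys.get("master_key")
    has_master = isinstance(master, str) and master.strip() != ""
    function_keys = host_keys.get("function_keys") or {}
    return has_master and not function_keys


def find_only_default_host_keys(apps: list[dict[str, Any]]) -> list[str]:
    """Return the names of apps that match the detection condition."""
    return [
        app["name"]
        for app in apps
        if only_default_host_keys(app.get("host_keys") or {})
    ]


if __name__ == "__main__":
    for name in find_only_default_host_keys(SAMPLE_APPS):
        print(f"{name}: master key present, function_keys is empty")
```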