Homepage

Find out if you have vulnerabilities that put you at risk

Test your applications
Toggle filtering controls
Report a new vulnerability
RULESERVICE GROUP
  • M
API Gateway Missing Rate Limiting and Throttling Controls
API Gateway (REST APIs)
  • M
API Gateway should require API key for access
API Gateway (REST APIs)
  • M
API Gateway X-Ray tracing is disabled
API Gateway (REST APIs)
  • M
API Management allows anonymous access to developer portal
API Management
  • M
API Management backend allows insecure TLS/SSL protocols
API Management
  • M
API Management frontend allows insecure TLS/SSL protocols
API Management
  • M
App Configuration does not use an SLA
App Service (Web Apps)
  • M
App Gateway does not use a production level SKU
Network
  • M
App Gateway does not use OWASP 3.x rules
Network
  • M
App Service does not use production-level SKU
App Service (Web Apps)
  • M
App Service HTTP/2 is disabled
App Service (Web Apps)
  • M
App Service is not protected by Azure Defender
Security Center
  • M
App Service is not running latest .NET version
App Service (Web Apps)
  • M
App Service is not running latest Java version
App Service (Web Apps)
  • M
App Service is not running latest PHP version
App Service (Web Apps)
  • M
App Service is not running latest Python version
App Service (Web Apps)
  • M
App Service Plan does not use two or more instances
App Service (Web Apps)
  • M
App Service remote debugging is enabled
App Service (Web Apps)
  • M
App Service web app authentication is not enabled
App Service (Web Apps)
  • M
App Service web app does not have 'Minimum TLS Version' set to '1.2'
App Service (Web Apps)
  • M
App Service web app does not use a managed identity
App Service (Web Apps)
  • M
AppStream is not configured with VPC
AppStream
  • M
AppSync cache data is not encrypted at rest
AppSync
  • M
AppSync cache data is not encrypted in transit
AppSync
  • M
AppSync GraphQL API Caching is not restricted
AppSync
  • M
Artifact registries are open to public
Artifact Registry
  • M
Artifact Registry not using Customer-Managed Encryption Keys (CMEK)
Artifact Registry
  • M
At least one project-level logging sink does not contain an empty filter
Monitor
  • M
Athena workgroup result encryption is not enforced
Athena
  • M
Athena workgroup settings can be overridden by client
Athena