Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All service groups
AWS
Azure
All Azure service groups
API Management
App Service (Web Apps)
Authorization
Automation
Batch
CDN
Compute
Container
CosmosDB (DocumentDB)
Data Factory
Data Lake
Database
Key Vault
Monitor
Network
Redis
Role
Search
Security Center
Service Fabric
Storage
Synapse
Google
Kubernetes
Report a new vulnerability
RULE
SERVICE GROUP
M
API Gateway Missing Rate Limiting and Throttling Controls
API Gateway (REST APIs)
M
API Gateway should require API key for access
API Gateway (REST APIs)
M
API Gateway X-Ray tracing is disabled
API Gateway (REST APIs)
M
API Management allows anonymous access to developer portal
API Management
M
API Management backend allows insecure TLS/SSL protocols
API Management
M
API Management frontend allows insecure TLS/SSL protocols
API Management
M
App Configuration does not use an SLA
App Service (Web Apps)
M
App Gateway does not use a production level SKU
Network
M
App Gateway does not use OWASP 3.x rules
Network
M
App Service does not use production-level SKU
App Service (Web Apps)
M
App Service HTTP/2 is disabled
App Service (Web Apps)
M
App Service is not protected by Azure Defender
Security Center
M
App Service is not running latest .NET version
App Service (Web Apps)
M
App Service is not running latest Java version
App Service (Web Apps)
M
App Service is not running latest PHP version
App Service (Web Apps)
M
App Service is not running latest Python version
App Service (Web Apps)
M
App Service Plan does not use two or more instances
App Service (Web Apps)
M
App Service remote debugging is enabled
App Service (Web Apps)
M
App Service web app authentication is not enabled
App Service (Web Apps)
M
App Service web app does not have 'Minimum TLS Version' set to '1.2'
App Service (Web Apps)
M
App Service web app does not use a managed identity
App Service (Web Apps)
M
AppStream is not configured with VPC
AppStream
M
AppSync cache data is not encrypted at rest
AppSync
M
AppSync cache data is not encrypted in transit
AppSync
M
AppSync GraphQL API Caching is not restricted
AppSync
M
Artifact registries are open to public
Artifact Registry
M
Artifact Registry not using Customer-Managed Encryption Keys (CMEK)
Artifact Registry
M
At least one project-level logging sink does not contain an empty filter
Monitor
M
Athena workgroup result encryption is not enforced
Athena
M
Athena workgroup settings can be overridden by client
Athena
Previous
Next
