Azure Function 漏洞列表

To follow Azure cloud security best practices and prevent anonymous access, ensure that all the HTTP-triggered Azure functions managed with Microsoft Azure Function App are configured to use access keys to securely invoke functions via URLs. Access keys with a HOST scope (i.e., function keys) can be used to access all HTTP-triggered functions within the Azure Function App.

Ensure that your functions managed with Microsoft Azure Function App don't have privileged administrative permissions in order to promote the Principle of Least Privilege (POLP) and provide your functions the minimal amount of access required to perform their tasks.

Ensure that the functions managed with Microsoft Azure Function App are configured to use Azure Monitor Application Insights. Application Insights is a robust APM solution designed to cater to the needs of both developers and DevOps experts. By enabling this service, you can effortlessly set up continuous monitoring for your serverless application. Application Insights excels at identifying performance irregularities and offers a suite of potent analytical tools to assist you in troubleshooting problems and gaining deep insights into user interactions with your application.

To follow Azure cloud security best practices and prevent public exposure, ensure that the functions managed with Microsoft Azure Function App are not publicly accessible. An Azure function is considered publicly accessible when it is configured to allow inbound access through the default (public) endpoint.

Ensure that functions managed with Azure Function App are using system-assigned managed identities in order to allow secure application access to other Microsoft Azure cloud resources such as SQL databases, storage accounts, and key vaults. Using system-assigned managed identities minimizes risks, simplifies management, and maintains compliance with evolving Azure cloud services.

To follow Azure networking best practices and securely access cloud resources available within your Azure Virtual Network (VNet), ensure that Virtual Network integration is enabled for your Microsoft Azure Function Apps. With Virtual Network integration, you can restrict your Function App outbound connections to specific, trusted VNets only.