Network misconfigurations

Azure Application Gateway without Web Application Firewall

Platform(s)
Compliance Frameworks
  • CCPA
  • ,
  • cis_8
  • ,
  • CPRA
  • ,
  • HITRUST
  • ,
  • iso_27001_2022
  • ,
  • iso_27002_2022
  • ,
  • Microsoft Cloud Security Benchmark
  • ,
  • mpa
  • ,
  • New Zealand Information Security Manual
  • ,
  • NIST 800-171
  • ,
  • NIST 800-53
  • ,
  • PDPA
  • ,
  • UK Cyber Essentials

Description

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications, offering various Layer 7 load-balancing capabilities. Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities, like SQL injections, Cross-Site Scripting, malware uploads, and DDoS attacks. The Azure Application Gateway - {AzureApplicationGateway} is configured without Azure Web Application Firewall, which leaves the Azure Application Gateway`s backend instances not secured.