We’re excited to announce that web vulnerability scanning powered by Tinfoil Security is now available for Azure App Services! This will enable you to scan your Azure Web Apps and help secure your web app as you develop it.
According to the Web Application Security Consortium, “more than 13%* of all reviewed sites can be compromised completely automatically” and “about 49% of web applications contain vulnerabilities of high risk level”. Tinfoil Security’s own statistics show that 75% of web apps they scan have a vulnerability on the first scan. As web applications become the cornerstone of more and more businesses, they also become a potential source of threats to the IT security of a company. Tinfoil Security scanning through Azure App Service offers developers and administrators a fast, integrated and economical means of discovering and addressing these issues before they can be abused by a malicious actor.
Microsoft Azure App Service chose Tinfoil Security because they are a trusted name in web application security and offer a strong set of services that will help our customers keep their web apps secure. For Azure Web Apps, Tinfoil Security is the only security vulnerability scanning option built into the Azure App Service management experience. We hope you enjoy utilizing Tinfoil Security during your development and, as always, we look forward to your feedback.
How do I set it up?
Go to the Azure Management Portal and select the Web App that you would like to enable scanning on. After selecting the Diagnose and Solve Problems option you will find the “Diagnostic Tools” box as shown below:
From there, select "Security Scanning".
Selecting this option will give you several plans. Clicking through the license agreements will complete the purchase for you. Once complete, you will see a link to the management dashboard on the Tinfoil Security blade (shown below).
Browsing to this site will take you to the Tinfoil management dashboard. When you browse to the management dashboard it will automatically install the latest version of the dashboard and you might see a dialog box notifying you of the installation. After this installation completes, you should see a dashboard that looks like the image below. You can immediately start a scan from here or schedule scans under the Settings tab. The Results tab will have the results of your scan once it is complete.