Skip to content

AZT503 - HTTP Trigger#

Adversaries may configure a resource with an HTTP trigger to run commands without needing authentication.

ID Name Description Action Resources
AZT503.1 Logic Application Adversaries may configure a Logic Application with an HTTP trigger to run commands without needing authentication. Microsoft.Logic/workflows/write Logic Application
Microsoft.Logic/workflows/run/action
Microsoft.Logic/operations/read
AZT503.2 Function App Adversaries may configure a Function App with an HTTP trigger to run commands without needing authentication. Microsoft.Web/sites/Write Function App
microsoft.web/sites/functions/action
microsoft.web/sites/functions/write
AZT503.3 Runbook Webhook Adversaries may create a webhook to a Runbook which allows unauthenticated access into an Azure subscription or tenant. Microsoft.Automation/automationAccounts/runbooks/* Automation Account
AZT503.4 WebJob Adversaries may create a WebJob on a App Service which allows arbitrary background tasks to be run on a set schedule Microsoft.Web/sites/Write App Service