| π AWS API Gateway API Route Authorization Type is not configured π’ | 1 | π’ x6 |
| π AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication π’ | 1 | π’ x6 |
| π AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic π’ | 1 | π’ x6 |
| π AWS CloudFront Web Distribution uses default SSL/TLS certificate π’ | 1 | π’ x6 |
| π AWS CloudFront Web Distribution uses Dedicated IP for SSL π’ | 1 | π’ x6 |
| π AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins π’ | 1 | π’ x6 |
| π AWS CloudTrail Log File Validation is not enabled π’ | 1 | π’ x6 |
| π AWS DMS Endpoint doesn't use SSL π’ | 1 | π’ x6 |
| π AWS DMS Replication Instance is publicly accessible π’ | 1 | π’ x6 |
| π AWS EBS Snapshot is publicly accessible π’ | 1 | π’ x6 |
| π AWS EC2 Auto Scaling Group behind ELB assigns public IP to instances π’ | 1 | π’ x6 |
| π AWS EC2 Default Security Group does not restrict all traffic π’ | 1 | π’ x6 |
| π AWS EC2 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports π’ | 1 | π’ x6 |
| π AWS EC2 Security Group allows public IPv6 (::/0) access to admin ports π’ | 1 | π’ x6 |
| π AWS EC2 Security Group allows unrestricted CIFS traffic π’ | 1 | π’ x6 |
| π AWS EC2 Security Group allows unrestricted FTP traffic π’ | 1 | π’ x6 |
| π AWS EC2 Security Group allows unrestricted RPC traffic π’ | 1 | π’ x6 |
| π AWS EC2 Security Group allows unrestricted SMTP traffic π’ | 1 | π’ x6 |
| π AWS EC2 Security Group allows unrestricted traffic to MSSQL π’ | 1 | π’ x6 |
| π AWS EC2 Security Group allows unrestricted traffic to MySQL π’ | 1 | π’ x6 |
| π AWS EC2 Security Group allows unrestricted traffic to PostgreSQL π’ | 1 | π’ x6 |
| π AWS EC2 Security Group allows unrestricted Telnet traffic π’ | 1 | π’ x6 |
| π AWS RDS Instance is publicly accessible and in an unrestricted public subnet π’ | 1 | π’ x6 |
| π AWS RDS Instance uses default endpoint port π’ | 1 | π’ x6 |
| π AWS RDS Snapshot is publicly accessible π’ | 1 | π’ x6 |
| π AWS S3 Bucket is not configured to block public access π’ | 1 | π’ x6 |
| π AWS S3 Bucket Policy is not set to deny HTTP requests π’ | 1 | π’ x6 |
| π AWS S3 Bucket Versioning is not enabled π’ | 1 | π’ x6 |
| π Azure App Service Authentication is disabled and Basic Authentication is enabled π’ | 1 | π’ x6 |
| π Azure App Service Basic Authentication is enabled π’ | | π’ x3 |
| π Azure App Service HTTPS Only configuration is not enabled π’ | 1 | π’ x6 |
| π Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON π’ | 1 | π’ x6 |
| π Azure SQL Server Auditing is not enabled π’ | 1 | π’ x6 |
| π Azure SQL Server Auditing Retention is less than 90 days π’ | 1 | π’ x6 |
| π Azure Storage Account Secure Transfer Required is not enabled π’ | 1 | π’ x6 |
| π Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests π’ | 1 | π’ x6 |
| π Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests π’ | 1 | π’ x6 |
| π Azure Subscription Network Watcher is not enabled in every available region π’ | 1 | π’ x6 |
| π Google API Key is not restricted for unused APIs π’ | 1 | π’ x6 |
| π Google API Key is not rotated every 90 days π’ | 1 | π’ x6 |
| π Google Cloud SQL Instance External Authorized Networks do not whitelist all public IP addresses π’ | 1 | π’ x6 |
| π Google GCE Instance has a public IP address π’ | 1 | π’ x6 |
| π Google GCE Instance IP Forwarding is not disabled. π’ | 1 | π’ x6 |
| π Google GCE Network has Firewall Rules which allow unrestricted SSH access from the Internet π’ | 1 | π’ x6 |
| π Google Project has API Keys π’ | 1 | π x1, π’ x5 |