Document Details

Threat Modeling Tool Input Validation
Home / Scan #237 / Threat Modeling Tool Input Validation
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
missing_linux_example
windows_tools
powershell_heavy
Summary
The documentation page demonstrates a strong Windows bias. Examples and configuration instructions are almost exclusively provided for Windows-centric technologies (ASP.NET, IIS, .NET, MSXML, web.config, C#), with little to no mention of Linux or cross-platform equivalents. Windows tools and APIs are referenced first and sometimes exclusively, while Linux/Unix alternatives (such as Apache/Nginx configuration, Python/Java code, or Linux file system guidance) are absent. Even generic security concepts are illustrated with Windows-specific code and configuration files.
Recommendations
  • Add equivalent examples for Linux-based stacks (e.g., Apache, Nginx, Node.js, Python, Java) alongside Windows/IIS examples.
  • Include configuration instructions for popular Linux web servers (e.g., setting HTTP headers in Apache/Nginx).
  • Provide code samples in languages commonly used on Linux (e.g., Python, Java, Go, PHP) in addition to C#.
  • Reference cross-platform libraries and tools for input validation and encoding (e.g., OWASP ESAPI, Python's bleach, Java's built-in validation).
  • When discussing file upload security, mention Linux file system considerations and anti-virus solutions available for Linux.
  • For XML entity resolution, include examples using Linux-friendly libraries (e.g., lxml in Python, Java's XML parsers).
  • Balance references to Windows-specific technologies (MSXML, IIS, .NET) with Linux/Unix alternatives.
  • Explicitly state when a mitigation or technique is platform-specific and provide alternatives for other platforms.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Biased Biased
2025-07-12 23:44 #41 cancelled Biased Biased

Flagged Code Snippets