Document Details

Threat Modeling Tool Communication Security
Home / Scan #41 / Threat Modeling Tool Communication Security
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
missing_linux_example
windows_tools
powershell_heavy
Summary
The documentation demonstrates a clear Windows bias: examples and recommendations are almost exclusively focused on Windows-centric technologies (e.g., ASP.NET, WCF, ADO.NET, SQL Server Management Studio, web.config, ServicePointManager, SMB 3.x for Windows clients). There are no Linux-specific examples or equivalent Linux tooling mentioned, and the only code samples are in C#/.NET. Instructions for enforcing HTTPS, certificate pinning, and secure configuration are all tailored to Windows environments, with no parity for Linux or cross-platform scenarios.
Recommendations
  • Provide Linux-specific examples and instructions for each mitigation, such as using Nginx/Apache for HTTPS enforcement, OpenSSL for certificate validation, and Linux SMB clients (e.g., smbclient, mount.cifs) for Azure Files.
  • Include code samples in other cross-platform languages (e.g., Python, Java, Node.js) and show how to implement security features on Linux.
  • Mention Linux tools (e.g., sqlcmd for SQL Server, curl/wget for HTTP requests, systemd for service accounts) alongside or before Windows tools.
  • For configuration examples (e.g., URL Rewrite), provide equivalent Nginx/Apache configuration snippets.
  • When referencing service accounts and least-privilege, include Linux best practices (e.g., using dedicated system users, systemd service files).
  • Update references and links to include Linux documentation and community resources.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Biased Biased
2025-07-12 23:44 #41 cancelled Biased Biased

Flagged Code Snippets

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Force HTTPS" enabled="true">
          <match url="(.*)" ignoreCase="false" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>