A recent feature deployed for App Services (Web App, Mobile App, API App or Logic App) is a tool that can scan your App Service for vulnerabilities, announced here.
Once you have signed up, you will see a link to your management console similar to that shown in Figure 1.
Figure 1, check your App Service for vulnerabilities
It did take some minutes for the extension to be installed, be a little patient, but in the end it worked just fine and clicking on the link navigated me to the extension within my KUDU console, Figure 2. I discuss what KUDU is here.
Figure 2, scanning an App Service (Web App, Mobile App, API App and Logic App) for security
You can also see the installed extension in KUDU by clicking on the Site Extensions link, similar to that shown in Figure 3.
Figure 3, security App Service, secure cloud, secure Web App
Once complete you can view the results, Figure 4, and if there is anything found, you can take an action on them. I found none when I scanned my Web App.
Figure 4, scan results for security scan of an App Service (Web App, Mobile App, API App and Logic App)