
Eliminate Credentials In Code

Open AashiqRamachandran opened this issue 1 year ago • 1 comment


Digital Artifacts

Eliminate Credentials In Code Evicts Credential

Definition

Remove any “credentials” or “access keys” from compiled source code.

How it works

Credentials, or secrets in compiled code, can lead to compromise of target services. Credentials in code must be detected and eliminated promptly. Credentials, apart from being eliminated, must also be disabled once they have made their way into git/version control history. Credentials are always to be accessed via a secret manager, and not to be held in persistent memory in an unencrypted form.

Considerations

While configuring a credential manager, it is important to handle role accesses and credential keys correctly to ensure unauthorized entities are not able to access stored credentials.

Contributed By:

Aashiq Ramachandran, Cyware Labs

MITRE D3FEND Tactic:

Harden

AashiqRamachandran, May 19 '23 11:05
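The "How it works" section above names two halves of the technique: detect credentials that have been committed to source, and fetch them from a secret manager at the point of use instead. The following is an added example (not part of this issue, the D3FEND ontology, or the d3fend-ontology project) that shows both in Python. The regexes, the placeholder list, the entropy threshold and the sample source file are constructed for illustration, and `get_secret` takes a hypothetical provider callable standing in for a real secret-manager client.

```python
"""Added example: detect hard-coded credentials in source text and retrieve
secrets from a provider at use time.  Not part of the D3FEND issue or the
d3fend-ontology project; all patterns and sample input are constructed."""
import math
import re
from collections import Counter
from typing import Callable, List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    kind: str        # which rule fired
    entropy: float   # Shannon entropy (bits/char) of the flagged value, for triage
    snippet: str     # the offending line, stripped


# Rule 1: a quoted literal (8+ chars) assigned to a name that suggests a secret.
ASSIGNMENT_RE = re.compile(
    r"(?i)(?P<name>\w*(?:password|passwd|secret|api[_-]?key|access[_-]?key|token)\w*)"
    r"\s*[:=]\s*[\"'](?P<value>[^\"']{8,})[\"']"
)

# Rule 2: publicly documented fixed-format credentials (constructed subset).
FORMAT_RES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Literals that are obviously placeholders, not live secrets (constructed list).
PLACEHOLDER_PREFIXES = ("CHANGEME", "YOUR_", "<", "${", "EXAMPLE")


def shannon_entropy(value: str) -> float:
    """Bits per character: random keys score high, words and repeats score low."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_source(text: str) -> List[Finding]:
    """Return one Finding per line that looks like a hard-coded credential."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        # Fixed-format rules first; they need no variable name to be confident.
        for kind, rx in FORMAT_RES.items():
            hit = rx.search(line)
            if hit:
                findings.append(Finding(line_no, kind, shannon_entropy(hit.group(0)), stripped))
                break
        else:
            m = ASSIGNMENT_RE.search(line)
            if not m:
                continue
            value = m.group("value")
            if value.upper().startswith(PLACEHOLDER_PREFIXES):
                continue  # template value, nothing to revoke
            findings.append(Finding(line_no, "secret_assignment", shannon_entropy(value), stripped))
    return findings


def get_secret(name: str, provider: Callable[[str], str]) -> str:
    """Fetch a credential from an injected secret provider at the point of use.

    `provider` is a hypothetical stand-in for a secret-manager client; the
    value is handed straight to the caller and never bound at module scope.
    """
    value = provider(name)
    if not value:
        raise LookupError(f"secret {name!r} is not available from the provider")
    return value


# Constructed sample source: lines 2 and 6 fetch at runtime, line 5 is a
# placeholder; only lines 3 and 4 should be reported.
SAMPLE_SOURCE = """\
import os
db_password = os.environ["DB_PASSWORD"]
AWS_ACCESS_KEY_ID = "AKIAEXAMPLE0000000AB"
api_token = "x7Kp2qLm9vRtZ4wQ8nB1"
admin_password = "CHANGEME_BEFORE_DEPLOY"
secret_key = os.environ.get("SECRET_KEY")
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.kind} (entropy {f.entropy:.2f}): {f.snippet}")
```

Run as a pre-commit or CI step, a scanner like this catches the literal before it reaches version control; anything it reports that is already in history must still be revoked at the issuing service, since rewriting history does not invalidate the key.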

@hack-sentinel

Credentials might be in software, need to consider modeling that.

netfl0, Jan 25 '24 23:01