Build and Deployment -> Deployment: Defined decommissioning process
Risk and Opportunity
Risk: Not used applications erode and are not maintained. As an evil actor, I exploit known vulnerabilities in the not maintained applicaitons to perform latteral movement within the organization.
Opportunity: By having a clear decommissioning process, applicaitons not used are not running anymore and can therefore not be explointed.
Usefulness and Requirements of this Activity
Required knowledge: Very Low (one discipline)
Required time: Low
Required resources (systems): Very Low
OWASP SAMM VERSION 2