Fork me on GitHub

Build and Deployment -> Deployment: Defined deployment process

Risk and Opportunity

Risk: Deployments without a defined process are error prone thus allowing old or untested artifact to be deployed.
Opportunity: A defined deployment process significantly lowers the likelihood of errors during the deployment phase.

Exploit details

Usefullness: High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

Implementation hints: Jenkins, Docker
OWASP SAMM 2 Mapping: i-secure-deployment|A|1
ISO27001:2017 Controls Mapping: