Fork me on GitHub

Build and Deployment -> Deployment: Environment depending configuration parameters

Risk and Opportunity

Risk: Attackers who compromise source code can see confidential access information like database credentials.
Opportunity: Configuration parameters are set for each environment not in the source code.

Exploit details

Usefullness: High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low

Additional Information

OWASP SAMM 1 Mapping: SA2-A
OWASP SAMM 2 Mapping: i-secure-deployment|B|2 TODO might be 1