Implementation -> Infrastructure Hardening: Production near environments are used by developers

Risk and Opportunity

Risk: If an error occurs in production, the developer needs to be able to create a production-near environment in a local development environment.
Opportunity: Using infrastructure as code helps to create a production-near environment. The developer needs to be trained to set up a local development environment. In addition, it should be possible to create production-like test data. Personally identifiable information is often anonymized in order to comply with data protection laws.
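Added example (not part of the original page or of any project it describes): one way to derive production-like test data from an export while masking personally identifiable information. It uses keyed pseudonymization (HMAC-SHA256) plus generalization of dates, which is a swapped-in technique and weaker than full anonymization; the table layout, field names and key are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption): in practice a per-export secret that
# never reaches the development environment.
KEY = b"constructed-demo-key"

def token(value, field, key=KEY, length=12):
    """Deterministic keyed token: equal inputs map to equal tokens, so joins
    between tables survive, but the value cannot be recomputed without the key."""
    msg = f"{field}\x00{value.strip().lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:length]

def mask_email(email, key=KEY):
    # .invalid is a reserved TLD, so test mail can never reach a real inbox.
    return token(email, "email", key) + "@example.invalid"

def pseudonymize_customer(row, key=KEY):
    out = dict(row)
    out["name"] = "user-" + token(row["name"], "name", key)
    out["email"] = mask_email(row["email"], key)
    # Generalize instead of hashing: keep the year for age-dependent logic.
    out["birth_date"] = row["birth_date"][:4] + "-01-01"
    return out

def pseudonymize_order(row, key=KEY):
    out = dict(row)
    out["customer_email"] = mask_email(row["customer_email"], key)
    return out

# Constructed sample rows standing in for a production export.
CUSTOMERS = [
    {"id": 1, "name": "Alice Example", "email": "Alice@corp.example", "birth_date": "1984-07-12"},
    {"id": 2, "name": "Bob Sample", "email": "bob@corp.example", "birth_date": "1991-02-03"},
]
ORDERS = [
    {"order_id": 100, "customer_email": "alice@corp.example", "total": 42.5},
    {"order_id": 101, "customer_email": "bob@corp.example", "total": 7.0},
]

def build_test_data(key=KEY):
    return ([pseudonymize_customer(c, key) for c in CUSTOMERS],
            [pseudonymize_order(o, key) for o in ORDERS])

if __name__ == "__main__":
    for table in build_test_data():
        for row in table:
            print(row)
```

Because the tokens are deterministic under one key, the same person can still be linked across tables; rotating the key for each export prevents linking between exports.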

Exploit details

Usefulness: High
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Medium

Additional Information

Dependencies: Defined deployment process, Infrastructure as Code
OWASP SAMM 1 Mapping: SA1
OWASP SAMM 2 Mapping: o-environment-management|A|1
ISO27001:2017 Controls Mapping: