Implementation -> Infrastructure Hardening: Production near environments are used by developers
Risk and Opportunity
Risk: In case an errors occurs in production, the developer need to be able to create a production near environment on a local development environment.
Opportunity: Usage of infrastructure as code helps to create a production near environment. The developer needs to be trained in order to setup a local development environment. In addition, it should be possible to create production like test data. Often personal identifiable information is anonymized in order to comply with data protection laws.
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Medium
Dependencies: Defined deployment process, Infrastructure as Code
OWASP SAMM 1 Mapping: SA1
OWASP SAMM 2 Mapping: o-environment-management|A|1
ISO27001:2017 Controls Mapping: