Fork me on GitHub

Infrastructure -> Infrastructure Hardening: Production near environments are used by developers

Risk and Opportunity

Risk: In case an errors occurs in production, the developer need to be able to create a production near environment on a local development environment.
Opportunity: Usage of infrastructure as code helps to create a production near environment. The developer needs to be trained in order to setup a local develipment environment. In addition, it should be possible to create production like test data. Often peronal identifiable information is anonymised in order to comply with data protection laws.

Exploit details

Usefullness: High
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Medium

Additional Information

Dependencies: Defined deployment process, Infrastructure as Code
OWASP SAMM 1 Mapping: SA1
OWASP SAMM 2 Mapping: o-environment-management|A|1