Test and Verification -> Dynamic depth for infrastructure: Test for unused Resources
Risk and Opportunity
Risk: Unused resources, specially secrets, might be still valid, but are exposing information. As an attacker, I compromise a system, gather credentials and try to use them.
Opportunity: Test for unused resources helps to identify unused resources.
- K8sPurger, Link, Tags: vulnerability scanner dast infrastrcture
Usefulness and Requirements of this Activity
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low
OWASP SAMM VERSION 2