Fork me on GitHub

Test and Verification -> Dynamic depth for infrastructure: Test for unused Resources

Risk and Opportunity

Risk: Unused resources, specially secrets, might be still valid, but are exposing information. As an attacker, I compromise a system, gather credentials and try to use them.
Opportunity: Test for unused resources helps to identify unused resources.

Additional Information

Implementation hints

Usefulness and Requirements of this Activity

Usefullness: Low
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

OWASP SAMM VERSION 2

ISO27001 2017