Kingdom: Environment

This section includes everything that is outside of the source code but is still critical to the security of the product that is being created. Because the issues covered by this kingdom are not directly related to source code, we separated it from the rest of the kingdoms.

Insecure Deployment: Known Technology Fingerprint

Abstract
Failure to follow the security best-practice guidelines established for the underlying technology can expose an application to exploits that target known security weaknesses.
Explanation
Fingerprinting the technology underlying the target application allows attackers to:
1. Target security weaknesses resulting from insecure development practices commonly observed in applications based on the detected technology.
   Example: Hardcoded credentials and encryption keys in Java applets.
2. Exploit known security issues reported against the detected technology.
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 1
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 1
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - OWASP Mobile 2024 M2 Inadequate Supply Chain Security
[6] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 10.2 - Threat and Vulnerability Management
[7] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 10.2 - Threat and Vulnerability Management
[8] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 10.2 - Threat and Vulnerability Management, Control Objective C.1.6 - Web Software Components & Services
[9] Standards Mapping - Web Application Security Consortium Version 2.00 Fingerprinting (WASC-45)
desc.dynamic.xtended_preview.insecure_deployment_known_technology_fingerprint