Reino: Encapsulation

Encapsulamento consiste em traçar limites fortes. Em um navegador web, isso pode significar que seu código para dispositivos móveis não pode ser abusado por outros códigos para dispositivos móveis. No servidor, pode significar a diferenciação entre dados validados e não validados, entre os dados de dois usuários ou entre os dados que os usuários podem ou não acessar.

.NET Bad Practices: Leftover Debug Code

Abstract
O código de depuração pode ter efeitos colaterais indesejados na implantação.
Explanation
APIs destinadas apenas para fins de depuração são usadas.
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 489
[2] Standards Mapping - General Data Protection Regulation (GDPR) Indirect Access to Sensitive Data
[3] Standards Mapping - OWASP Application Security Verification Standard 4.0 14.2.2 Dependency (L1 L2 L3), 14.3.2 Unintended Security Disclosure Requirements (L1 L2 L3)
[4] Standards Mapping - OWASP Top 10 2007 A6 Information Leakage and Improper Error Handling
[5] Standards Mapping - OWASP Top 10 2021 A05 Security Misconfiguration
[6] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.10
[7] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 Requirement 6.5.6
[8] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.5
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.5
[10] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.5
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.5
[12] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.5
[13] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[14] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 3.6 - Sensitive Data Retention
[15] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 3.6 - Sensitive Data Retention
[16] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 3.6 - Sensitive Data Retention
[17] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3620 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3620 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3620 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3620 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3620 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3620 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3620 CAT II
desc.structural.dotnet.dotnet_bad_practices_leftover_debug_code