界: Security Features
软件安全不是安全软件。此处我们关注的主题包括身份验证、Access Control、机密性、加密和权限管理。
Spring Boot Misconfiguration: DevTools Enabled
Abstract
在开发人员模式下配置 Spring Boot 应用程序。
Explanation
Spring Boot 应用程序已启用 DevTools。DevTools 包含一组额外工具,这些工具可以增加应用程序开发体验的乐趣,但不建议在生产环境的应用程序上使用 DevTools。Spring Boot 官方文档指出:“在远程应用程序上启用
spring-boot-devtools 存在安全风险。绝不能启用生产部署支持。”References
[1] Spring Boot Reference Guide Spring
[2] Standards Mapping - General Data Protection Regulation (GDPR) Indirect Access to Sensitive Data
[3] Standards Mapping - OWASP API 2023 API8 Security Misconfiguration
[4] Standards Mapping - OWASP Mobile 2014 M1 Weak Server Side Controls
[5] Standards Mapping - OWASP Top 10 2010 A6 Security Misconfiguration
[6] Standards Mapping - OWASP Top 10 2013 A5 Security Misconfiguration
[7] Standards Mapping - OWASP Top 10 2017 A6 Security Misconfiguration
[8] Standards Mapping - OWASP Top 10 2021 A05 Security Misconfiguration
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 2.2.6
[10] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0.1 Requirement 2.2.6
[11] Standards Mapping - Web Application Security Consortium Version 2.00 Application Misconfiguration (WASC-15)
desc.config.java.spring_boot_misconfiguration_devtools_enabled