Appspec Exposure¶

Description¶

Detects if Appspec YML or YAML files are publicly accessible, potentially revealing sensitive information.

Remediation¶

To remediate AppSpec Exposure, follow these steps:

1. Review and update the permissions on your AppSpec file to restrict access to authorized users only.
2. Ensure that the AppSpec file does not contain sensitive information or credentials.
3. Implement proper version control and change management procedures to prevent unauthorized modifications.
4. Use environment variables or a secure configuration management system to handle sensitive data.
5. Regularly audit your deployment process and access logs to detect any unauthorized access or changes.
6. Apply encryption to the AppSpec file during transmission and at rest if it must contain sensitive data.
7. Educate team members about the importance of security best practices related to deployment configurations.

Configuration¶

Identifier: information_disclosure/appspec_exposure

Examples¶

Ignore this check¶

checks:
  information_disclosure/appspec_exposure:
    skip: true

Score¶

• Escape Severity: info

Compliance¶

• OWASP: API8:2023
• OWASP LLM: LLM06:2023
• pci: 2.2.5
• gdpr: Article-32
• soc2: CC6
• psd2: Article-95
• iso27001: A.12.6
• nist: SP800-123
• fedramp: AC-22

Classification¶

• CWE: 200

Score¶

• CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N