Appspec Exposure
Description
Detects if Appspec YML or YAML files are publicly accessible, potentially revealing sensitive information.
Remediation
To remediate AppSpec Exposure, follow these steps:
- Review and update the permissions on your AppSpec file to restrict access to authorized users only.
- Ensure that the AppSpec file does not contain sensitive information or credentials.
- Implement proper version control and change management procedures to prevent unauthorized modifications.
- Use environment variables or a secure configuration management system to handle sensitive data.
- Regularly audit your deployment process and access logs to detect any unauthorized access or changes.
- Apply encryption to the AppSpec file during transmission and at rest if it must contain sensitive data.
- Educate team members about the importance of security best practices related to deployment configurations.
Configuration
Identifier:
information_disclosure/appspec_exposure
Examples
Ignore this check
checks:
information_disclosure/appspec_exposure:
skip: true
Score
- Escape Severity: INFO
Compliance
- OWASP: API8:2023
- pci: 2.2.5
- gdpr: Article-32
- soc2: CC6
- psd2: Article-95
- iso27001: A.12.6
- nist: SP800-123
- fedramp: AC-22