Appspec Exposure
Description
Detects if Appspec YML or YAML files are publicly accessible, potentially revealing sensitive information.
Remediation
To remediate AppSpec Exposure, follow these steps:
- Review and update the permissions on your AppSpec file to restrict access to authorized users only.
- Ensure that the AppSpec file does not contain sensitive information or credentials.
- Implement proper version control and change management procedures to prevent unauthorized modifications.
- Use environment variables or a secure configuration management system to handle sensitive data.
- Regularly audit your deployment process and access logs to detect any unauthorized access or changes.
- Apply encryption to the AppSpec file during transmission and at rest if it must contain sensitive data.
- Educate team members about the importance of security best practices related to deployment configurations.
Configuration
Identifier:
information_disclosure/appspec_exposure
Examples
Ignore this check
checks:
information_disclosure/appspec_exposure:
skip: true
Score
- Escape Severity: INFO
Compliance
OWASP: API8:2023
pci: 2.2.5
gdpr: Article-32
soc2: CC6
psd2: Article-95
iso27001: A.12.6
nist: SP800-123
fedramp: AC-22
Classification
- CWE: 200