T0193 - Sensitive information in environment variables
Environment variables are a type of configuration parameter that contain information about the environment in which an application is running.
These variables can be set and accessed by the operating system or application, and may contain sensitive information such as passwords, API keys, or other credentials.
ID:T0193
Type:Technique
Tactic:Collection
Summary:Sensitive information in environment variables
State:Draft
Mitigations
ID
TYPE
SUMMARY
DESCRIPTION
M1120
Mitigation
Mitigation Store credentials in vault Sensitive data like credentials and API tokens should not be stored directly in code.
Modern applications talk to many third-party APIs, SaaS solutions and other dependecies. This integration usually requires an API token, username & password credential or other similar variable. Sometimes these sensitive credentials include database host strings or hostnames. All of these credentials should not be stored directly in code. Software engineers often don't understand the consequences of embedding these credentials in code. This is especially true for Javascript applications that run client side as these credentials are often visible by inspecting the Javascript files running in the local browser
M1930
Mitigation
Detection Avoid storing sensitive information in environment variables Avoid storing sensitive information in environment variables wherever possible.
Detection Avoid storing sensitive information in environment variables Avoid storing sensitive information in environment variables wherever possible.
M1931
Mitigation
Detection Use a secure secrets management system Use a secure secrets management system to store and retrieve sensitive information.
Detection Use a secure secrets management system Use a secure secrets management system to store and retrieve sensitive information.
Detections
ID
TYPE
SUMMARY
DESCRIPTION
D1260
Detection
Detection Implement regular security audit and review Conduct regular security audits and vulnerability assessments of your systems and storages configurations to identify and address any potential misconfigurations or vulnerabilities that could lead to exposed storage.
This includes reviewing access controls, encryption settings, and other security configurations to ensure they are aligned with best practices and organizational security policies.
D1261
Detection
Detection Implement penetration testing Penetration testing, also known as ethical hacking or vulnerability assessment, is a proactive approach to mitigating cybersecurity risks.
It involves simulating real-world cyber attacks on a system, network, or application in a controlled and authorized manner to identify vulnerabilities and weaknesses that could be exploited by malicious actors.
D1262
Detection
Detection Implement vulnerability assesment Vulnerability assessment is a proactive approach to mitigating cybersecurity risks by systematically identifying, evaluating, and prioritizing vulnerabilities in a system, network, or application.
It involves conducting regular assessments to identify potential weaknesses that could be exploited by attackers, and taking appropriate actions to remediate or mitigate those vulnerabilities.
D1930
Detection
Detection Regularly review and audit environment variables Regularly review and audit environment variables to ensure that they do not contain sensitive information.
Detection Regularly review and audit environment variables Regularly review and audit environment variables to ensure that they do not contain sensitive information.
AppSec teams are overwhelmed by useless alerts, managing numerous applications with vulnerabilities across various kill-chain stages, making them increasingly susceptible to successful attacks.
