AttackFlow Findings Dictionary

Hardcoded Password

Hardcoded passwords are prohibited by several security standards and are a bad practice in their own right: every developer with access to the code knows the production password, and anyone who obtains a copy of the code gets it too.

Severity

High

Fix Cost

Medium

Trust Level

Low

Keeping a service account's password in the code is tempting because it looks convenient and simple. However, a substantial number of standards (PCI-DSS, HIPAA, SOX, etc.) have rules against this style of coding. Moreover, a hardcoded password is hard to maintain: when the password changes or the account is locked, the code itself must be modified, rebuilt and redeployed.

Additionally, if an attacker obtains even a piece of the code, they will eventually find the hardcoded password. GitHub is full of software projects with hardcoded passwords committed to the code, and deleting the literal in a later commit does not help: the secret remains in the repository history until the password itself is rotated.
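The following is an added example, not code from AttackFlow or from any project this page describes. It shows the vulnerable pattern (a service account password as a string literal), the hardened pattern (the password injected at runtime through an environment variable, with the program refusing to start when it is missing), and a small regex heuristic of the kind a static analysis rule or pre-commit hook uses to flag this finding. The variable name DB_PASSWORD, the credential values and the scanned source lines are all constructed for illustration.

```python
import os
import re

# --- Vulnerable pattern (illustration only): the service account's password is a string
#     literal, so everyone with read access to the repository or the built artifact has it.
def connect_vulnerable():
    db_user = "svc_reports"
    db_password = "Winter2019!"  # constructed example credential, not a real one
    return db_user, db_password


# --- Hardened pattern: the password is injected at runtime (environment variable here;
#     a secrets manager works the same way) and the program refuses to start without it.
class MissingSecretError(RuntimeError):
    """Raised when a required secret is absent, so no insecure default is ever used."""


def load_db_password(env=None):
    """Return the password from DB_PASSWORD (assumed variable name); fail closed if unset."""
    env = os.environ if env is None else env
    value = env.get("DB_PASSWORD")
    if not value:
        raise MissingSecretError("DB_PASSWORD is not set; refusing to fall back to a default")
    return value


# --- Detection heuristic of the kind a SAST rule or pre-commit hook uses for this finding:
#     a credential-like identifier assigned a non-empty quoted string literal.
HARDCODED_RE = re.compile(
    r"""(?ix)
    \b \w* (?:password|passwd|pwd|secret|token|api_?key) \w*   # credential-like identifier
    \s* [:=] \s*                                                # assignment or YAML/JSON key
    (?P<quote>["']) (?P<value>[^"']{4,}) (?P=quote)             # quoted literal, 4+ chars
    """
)

# Values that look like credentials but are documentation placeholders, not secrets.
PLACEHOLDERS = {"changeme", "<password>", "your_password_here", "xxxxxxxx"}


def find_hardcoded_secrets(source):
    """Return (line_number, stripped_line, value) for each quoted credential literal."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        match = HARDCODED_RE.search(line)
        if match is None:
            continue  # no credential-like assignment, or the value is not a literal
        value = match.group("value")
        if value.lower() in PLACEHOLDERS:
            continue  # documentation placeholder, not a real secret
        findings.append((lineno, line.strip(), value))
    return findings


# Constructed sample source to scan; every credential value here is made up.
SAMPLE_SOURCE = """\
db_user = "svc_reports"
db_password = "Winter2019!"
API_KEY = 'sk_live_1234567890abcdef'
token = os.environ["API_TOKEN"]
password = ""
secret: "s3cr3t-value"
password = "CHANGEME"
"""

if __name__ == "__main__":
    for lineno, text, value in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {lineno}: hardcoded credential {value!r} in: {text}")
```

Run against the constructed sample, the scanner reports lines 2, 3 and 6 and ignores the runtime lookup on line 4, the empty string on line 5 and the placeholder on line 7. A regex of this shape produces false positives (test fixtures, documentation) and false negatives (concatenated or encoded literals), so treat it as a triage aid that complements, rather than replaces, keeping secrets out of the repository in the first place.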
