
VM-17 Embedded Authenticators

Control Description

Quality Engineering checks to ensure that static passwords are not embedded within application source code or access scripts, prior to deployment on the Organization network.

Theme: Process

Type: Detective

Policy/Standard: Secure Development Lifecycle Policy

Implementation Guidance

1. Ensure a process has been defined and documented for performing source code checks for vulnerabilities.
2. Ensure that static passwords are not embedded within application source code or access scripts, prior to deployment on the Organization network.
3. Ensure all vulnerabilities are tracked and resolved as per the organization's SLA.

Testing Procedure

1. Inspect and validate whether a process has been defined and documented for performing source code checks for vulnerabilities.
2. For a sample scan, validate that a check was performed to ensure that static passwords are not embedded within application source code or access scripts, prior to deployment on the Organization network.
3. For a sample source code vulnerability, validate that it was tracked and resolved per SLA.

Audit Artifacts

E-VM-15
E-RM-02

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
