Skip to content

Production Token Is Used by IDE Client

Eco-system support

  • AWS IAM Access token

  • Azure app registration token

  • GCP Service Account key

Description

Developers debugging the production environment from their IDE exposes a considerable attack surface and poses a significant security threat. This practice may potentially result in a breach, data exposure, and compliance complications.

Detection triggers

  • Token usage event from a client user-agent that is linked to an IDE client, such as “Visual Studio” or “Eclipse”.

Mitigation

Review abnormal activity

The usage of IDE in a production environment is considered a bad practice.

Review this activity by following these steps:

  1. Review the "activity" tab to check its activity for the following behavior.
  2. Is his new activity aligned with his previous one, or is it used to perform new actions.
  3. Is the workload IP and client identical to its previous usage