Production Token Is Used by IDE Client
Eco-system support
-
AWS IAM Access token
-
Azure app registration token
-
GCP Service Account key
Description
Developers debugging the production environment from their IDE exposes a considerable attack surface and poses a significant security threat. This practice may potentially result in a breach, data exposure, and compliance complications.
Detection triggers
- Token usage event from a client user-agent that is linked to an IDE client, such as “Visual Studio” or “Eclipse”.
Mitigation
Review abnormal activity
The usage of IDE in a production environment is considered a bad practice.
Review this activity by following these steps:
- Review the "activity" tab to check its activity for the following behavior.
- Is his new activity aligned with his previous one, or is it used to perform new actions.
- Is the workload IP and client identical to its previous usage