Define 'Credential Scrubbing' as Source Code Hardening technique

d3fend · Dec 17, 2024 · 0503495 · 0503495
1 parent cced531
commit 0503495
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/src/ontology/d3fend-protege.ttl b/src/ontology/d3fend-protege.ttl
@@ -4341,6 +4341,23 @@ Management servers with enterprise policies for account management provide the a
     :kb-reference <http://d3fend.mitre.org/ontologies/d3fend.owl#Reference-EvictionGuidanceforNetworksAffectedbytheSolarWindsandActiveDirectory/M365Compromise-CISA>,
         :Reference-PasswordandKeyRotation-SSH .
 
+:CredentialScrubbing a :CredentialScrubbing,
+        owl:Class,
+        owl:NamedIndividual ;
+    rdfs:label "Credential Scrubbing" ;
+    rdfs:subClassOf :SourceCodeHardening ;
+    :d3fend-id "D3-CS" ;
+    :definition "The systematic removal of hard-coded credentials from source code to prevent accidental exposure and unauthorized access." ;
+    :kb-article """## How it Works
+Credential Scrubbing involves identifying and eliminating hard-coded credentials such as usernames, passwords, API keys, and tokens from source code repositories. These credentials should be managed securely using environment variables, secret management tools, or secure vaults where they can be safely accessed when needed.
+
+## Considerations
+* Developers should conduct regular audits of source code to ensure credentials are not hard-coded.
+* Exposed credentials found in version control history must be disabled and replaced promptly.
+* Adopt role-based access controls and credential rotation policies to minimize security risks.""" ;
+    rdfs:seeAlso :CWE-798,
+        <https://capec.mitre.org/data/definitions/191.html> .
+
 :CredentialTransmissionScoping a :CredentialTransmissionScoping,
         owl:Class,
         owl:NamedIndividual ;
@@ -13101,7 +13118,7 @@ Georgian Impact Blog. (n.d.). Transfer Learning Part 1. [Link](https://medium.co
     :definition """Ensuring that an integer is within a valid range.
 """ ;
     :kb-article """## How it Works
-Integer Range Validation can be done by programmatically checking the value of an integer before or after an operation to determine if the resulting value will be valid. 
+Integer Range Validation can be done by programmatically checking the value of an integer before or after an operation to determine if the resulting value will be valid.
 Checking the value of an integer to ensure it is in a valid range helps prevent integer overflow, wraparound, and logical errors.
 
 ## Considerations