As a good developer, I have my code in a repo, that doesn’t necessarily mean that I have followed all of the best practices that I should. I can still expose myself to risks unknowingly. By April Edwards.
Often in tutorials or getting started guides, we try to make the code and directions as easy as possible for anyone to be able to follow. While this is great for the community, sometimes while we make things easy to get started, but do not consider the impact it can have on the consumer. Meaning, I have deployed my Azure Static Web App, but exposed myself to what could a potential security risk for myself or my organization. In hindsight, we need to make sure our tutorials are fit for purpose and production.
While I have protected my secrets following all of the best practices, what if I hadn’t? What if another developer in the team hadn’t? We deployed our Azure Static Web App and could have potentially exposed critical information externally.
As a developer, we should ALL care about security. We want to ‘shift left’ and implement security early. While nothing obvious sticks out, we don’t have any exposed secrets in my YAML, we’ve done all the things right. But wait… We haven’t. Follow the link to full article to learn what was the security issue about. Nice one!
[Read More]