Addressing Security Risks in Shadow IT and Unauthorized Applications
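Identifying and mitigating threats posed by unsanctioned applications and systems within an organization. The rules below are regular-expression checks over source code: they flag calls to unapproved third-party services, unapproved dependencies, hardcoded secrets and insecure configuration settings, and leave the mitigation to whoever reviews the finding. The names approved-domain.com, approved-library and approved-package in the patterns are evidently placeholders for the organization's own allowlist. Test each pattern against known-good and known-bad samples before relying on it: as written, the "import ... from" and "require(...)" patterns expect two quote characters in a row before the module name and so do not match ordinary import statements, and the domain checks look only at how the host name begins.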
Rule Content
{ "title": "Addressing Security Risks in Shadow IT and Unauthorized Applications", "description": "Identifies and mitigates threats posed by unsanctioned applications and systems within an organization.", "category": "Security", "categoryContext": "Flags unsafe code, secrets, and insecure configurations.", "rules": [ { "id": "shadow-it-detection", "description": "Detects and flags code that integrates with unauthorized third-party services or APIs.", "severity": "High", "patterns": [ { "pattern": "fetch\\(['\"]https?://(?!approved-domain\\.com)[^'\"]+['\"]\\)", "message": "Usage of unapproved external API detected. Ensure all third-party integrations are authorized." }, { "pattern": "import\\s+[^\\s]+\\s+from\\s+['\"](?!approved-library)['\"][^'\"]+['\"]", "message": "Importing unapproved external libraries. Verify that all dependencies are sanctioned." } ] }, { "id": "hardcoded-secrets", "description": "Identifies hardcoded sensitive information such as API keys, passwords, and tokens.", "severity": "Critical", "patterns": [ { "pattern": "(?i)(api_key|secret|password)\\s*=\\s*['\"][^'\"]+['\"]", "message": "Hardcoded secret detected. Store sensitive information securely using environment variables or secure vaults." } ] }, { "id": "insecure-configurations", "description": "Flags configurations that may lead to security vulnerabilities.", "severity": "Medium", "patterns": [ { "pattern": "DEBUG\\s*=\\s*True", "message": "Debug mode is enabled. Disable debug mode in production environments to prevent information leakage." }, { "pattern": "ALLOWED_HOSTS\\s*=\\s*\\[\\s*['\"]\\*['\"]\\s*\\]", "message": "ALLOWED_HOSTS is set to allow all hosts. Restrict this to specific domains to prevent unauthorized access." 
} ] }, { "id": "unapproved-dependencies", "description": "Detects usage of dependencies that are not approved by the organization.", "severity": "High", "patterns": [ { "pattern": "require\\(['\"](?!approved-package)['\"][^'\"]+['\"]\\)", "message": "Usage of unapproved package detected. Ensure all dependencies are vetted and approved." } ] }, { "id": "unauthorized-network-requests", "description": "Flags network requests to unapproved domains.", "severity": "High", "patterns": [ { "pattern": "axios\\.get\\(['\"]https?://(?!approved-domain\\.com)[^'\"]+['\"]\\)", "message": "Network request to unapproved domain detected. Verify that all external communications are authorized." } ] } ] }