The Risks Of Exposed Development Environments

The Risks Of Exposed Development Environments


Share on linkedin
Share on facebook
Share on twitter

In this episode, we talk about development environments and specifically about index pages that are left unintentionally exposed to the internet for anyone to find.

1. What are the risks?

2. How common is this exposure?

3. What can you do to prevent such exposures?

What are development index pages?

Development index pages are a one stop shop for all the development environments a company owns. These pages often contain pretty sensitive information that should not be exposed to the internet such as links to QA environments, mobile development environment as well as API documentation for development. In some cases these pages will also include detailed descriptions for future products. Beside these environments, some of these pages may include links to the company’s Jenkins, Jira, confluence and other internal systems.

How common is it to find such exposed development index pages online?

On average, Reposify finds about a hundred thousand new exposed development environments every week, many of which are development index pages. We see this type of exposure across all types of companies,  large and small companies alike, no matter how secure they are.

This exposure is typically a result of failing to secure these environments behind a VPN. This can happen to  internal teams but also to third party vendors with whom a company works.

How to avoid unnecessary exposures of development index pages?

The first and most basic thing is to make sure that all your development and QA environments are properly secured behind a VPN. This and other related company policies should be clearly communicated both internally and with any vendors with whom you work.  However, relying on communications and policies isn’t enough.

How can Reposify help?

Reposify’s Attack Surface Management platform automatically discovers all your internet exposed assets including development environments no matter where they are located. 

Once discovered, the system will send you a real-time notification alerting on such exposure so your team can remediate the issue before attackers can find it and exploit it. 

New call-to-action

Reposify is an attack surface management platform delivering autonomous 24/7 discovery of exposed assets across all environments and the supply chain. Leading enterprises worldwide use Reposify to gain unparalleled visibility of their internet-facing assets and actionable security insights for eliminating shadow IT risks in real-time


Share on linkedin
Share on facebook
Share on twitter

Ready to discover your External Attack Surface?

Read Next

Why Only EASM can provide the protection necessary to guard against RCE threat

In April, VMware issued a series of patches to guard against vulnerabilities in a number of products. Among the most critical is CVE-2022-22954, a remote code execution RCE threat that puts organizations at risk of cyber attack. Only EASM can provide thorough cybersecurity protection against remote code execution hacks, with real-time asset monitoring and identification and clear, actionable insights for immediate intervention.

Detect to protect: Reposify’s EASM flags exposed assets vulnerable to Microsoft SMB (CVE-2022-26809)

Microsoft covered more than 100 vulnerabilities in April's security update, among them patches to critical remote code execution (RCE) vulnerabilities located in Microsoft’s SMB. In response Reposify's EASM platform scanned and identified 800,000+ nodes with open SMB protocol on both patched and unpatched systems. Read our latest blog and learn how Reposify's EASM can detect unknown exposed assets vulnerable to Microsoft’s SMB.

Security teams: here’s why you should choose EASM over Shodan?

If you are using Shodan to search for your company’s assets or perform reconnaissance as part of blue or red teams routines - you need to keep reading.