A company is migrating a legacy application to the cloud. The application uses hardcoded database credentials. Which secure development practice should be implemented to address this?
Trap 1: Use code signing for all deployments
Code signing ensures code integrity, not secret management.
Trap 2: Implement input validation on all user inputs
Input validation prevents injection attacks, not credential exposure.
Trap 3: Enable encryption at rest for the database
Encryption at rest protects stored data, not credentials in code.
- A
Use code signing for all deployments
Why wrong: Code signing ensures code integrity, not secret management.
- B
Implement input validation on all user inputs
Why wrong: Input validation prevents injection attacks, not credential exposure.
- C
Enable encryption at rest for the database
Why wrong: Encryption at rest protects stored data, not credentials in code.
- D
Use a secrets management service
Secrets management securely stores and rotates credentials, eliminating hardcoding.