Profile Applicability:
Level 1
Description:
Webhooks used in the build environment must be secured by validating incoming requests through mechanisms such as secret tokens, HMAC signatures over the request body, IP allowlisting, and enforced HTTPS. Securing webhooks prevents unauthorized triggering of build processes or manipulation of pipeline events.
Rationale:
Unsecured webhooks can be exploited to execute unauthorized builds, inject malicious code, or disrupt development workflows. Protecting webhook endpoints maintains the integrity and reliability of the build environment and supports compliance with security best practices.
Impact:
Pros:
Prevents unauthorized or malicious build triggers.
Protects build and deployment workflows.
Enhances overall environment security and stability.
Supports audit and compliance requirements.
Cons:
Requires configuration and maintenance of security controls.
May increase integration complexity.
Default value:
Build environment webhooks may be configured without proper validation, exposing them to risk.
Audit:
Review webhook configurations to confirm use of secret tokens, signature validation, IP restrictions, and HTTPS. Analyze access logs for unauthorized or suspicious activity, such as deliveries rejected for signature or token failures and requests arriving from sources outside the allowlist.
Remediation:
Enable and enforce webhook security features in build tools and services. Regularly rotate secret tokens and update IP allowlists. Educate teams on secure webhook management.
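The following is an added illustration of the receiver-side checks this control calls for, not code from any build tool or from the benchmark itself: it validates a GitHub-style HMAC-SHA256 signature (X-Hub-Signature-256) or a GitLab-style shared token (X-Gitlab-Token) in constant time, enforces a source IP allowlist, and refuses plaintext transport. The secret, the allowlist range (the 192.0.2.0/24 documentation range) and the request bodies are constructed sample values.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values for demonstration only (not real credentials or provider IPs).
SAMPLE_SECRET = b"constructed-webhook-secret"
SAMPLE_ALLOWLIST = ["192.0.2.0/24"]  # stands in for the provider's published egress ranges


def sign_body(secret: bytes, body: bytes) -> str:
    """What a GitHub-style sender places in X-Hub-Signature-256: 'sha256=<hex HMAC of raw body>'."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header_value) -> bool:
    """Recompute the HMAC over the raw, unparsed body and compare in constant time."""
    if not header_value:
        return False
    algo, _, received = header_value.partition("=")
    if algo != "sha256" or not received:
        return False
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, received.lower())


def verify_token(secret: bytes, header_value) -> bool:
    """GitLab-style shared token sent verbatim in X-Gitlab-Token; still compare in constant time."""
    if not header_value:
        return False
    return hmac.compare_digest(secret, header_value.encode())


def is_source_allowed(remote_ip: str, allowlist) -> bool:
    """True when the peer address falls inside one of the allowlisted CIDR ranges."""
    ip = ipaddress.ip_address(remote_ip)
    return any(ip in ipaddress.ip_network(cidr) for cidr in allowlist)


def accept_webhook(secret, body, headers, remote_ip, scheme, allowlist=SAMPLE_ALLOWLIST):
    """Apply all controls in order; returns (accepted, reason) so every rejection can be logged for audit."""
    if scheme != "https":
        return False, "reject: plaintext transport"
    if not is_source_allowed(remote_ip, allowlist):
        return False, "reject: source IP not in allowlist"
    sig = headers.get("X-Hub-Signature-256")
    tok = headers.get("X-Gitlab-Token")
    if sig is not None:
        return (True, "ok: hmac") if verify_signature(secret, body, sig) else (False, "reject: bad signature")
    if tok is not None:
        return (True, "ok: token") if verify_token(secret, tok) else (False, "reject: bad token")
    return False, "reject: no authenticator"
```

The signature must be computed over the exact bytes received, before any JSON parsing or re-serialization, or valid deliveries will fail verification.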
References:
GitHub Securing Webhooks: https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks
GitLab Webhook Security: https://docs.gitlab.com/ee/user/project/integrations/webhooks.html#secure-webhooks
OWASP Webhooks Security: https://owasp.org/www-project-secure-headers/#webhooks
CIS Controls v8, Control 16 - Application Software Security: https://www.cisecurity.org/controls/application-software-security/