Profile Applicability:
 Level 1

Description:
 All webhooks integrated with repositories or systems must be secured to prevent unauthorized access and malicious payloads. Security measures include validating webhook signatures, using secret tokens, restricting IP ranges, and enforcing HTTPS communication to ensure that only trusted sources can trigger webhook events.

Rationale:
 Using secured webhooks mitigates risks of code injection, unauthorized automation triggers, and supply chain attacks. It preserves the integrity and confidentiality of automated workflows and supports compliance with security best practices.

Impact:
Pros:

  • Protects CI/CD and integration pipelines from unauthorized access.

  • Prevents exploitation through malicious webhook payloads.

  • Enhances overall security posture of development workflows.

  • Supports audit and compliance requirements.

Cons:

  • Requires additional configuration and maintenance effort.

  • May introduce complexity in setting up integrations.

Default value:
 Many webhook implementations allow unsecured or unauthenticated requests by default, increasing risk exposure.

Audit:
 Review webhook configurations for signature validation, secret tokens, IP restrictions, and use of HTTPS. Test webhook endpoints for proper authentication and error handling.

Remediation:
 Implement webhook security features such as HMAC signature verification and IP whitelisting. Ensure all webhook traffic uses TLS encryption. Train developers and administrators on secure webhook practices.
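The following is an added example, not code from this benchmark or from any of the referenced vendors, showing the receiver-side checks the Description and Remediation call for (HTTPS only, source-address allowlist, HMAC-SHA256 signature verification with a shared secret) and the sender-side computation they pair with. The header name `X-Hub-Signature-256`, the `sha256=` prefix, the secret, the sample body and the allowed address ranges are all constructed assumptions for illustration; a real endpoint reads the secret from its webhook configuration and the header name from the integrating platform's documentation.

```python
import hashlib
import hmac
import ipaddress

# Constructed values for the example only. In a deployment the secret comes
# from the webhook configuration (never from source control) and the allowed
# ranges come from the integrating platform's published source addresses.
WEBHOOK_SECRET = b"example-shared-secret-change-me"
SAMPLE_BODY = b'{"ref":"refs/heads/main","repository":{"full_name":"org/repo"}}'
ALLOWED_SOURCES = ["192.0.2.0/24", "2001:db8::/32"]   # documentation ranges
SIGNATURE_HEADER = "X-Hub-Signature-256"              # assumed header name


def compute_signature(secret: bytes, body: bytes) -> str:
    """Sender side: HMAC-SHA256 over the raw request body, hex-encoded and
    prefixed with the algorithm name so the receiver can reject other schemes."""
    digest = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return f"sha256={digest}"


def verify_signature(secret: bytes, body: bytes, header_value) -> bool:
    """Receiver side: recompute the MAC over the exact bytes received and
    compare in constant time. A missing header, an unexpected algorithm
    prefix or a malformed digest yields False rather than an exception, so
    the caller can return a clean 401 instead of a stack trace."""
    if not isinstance(header_value, str) or not header_value:
        return False
    prefix, sep, provided = header_value.partition("=")
    if sep != "=" or prefix != "sha256":
        return False
    provided = provided.lower()
    if len(provided) != 64 or any(c not in "0123456789abcdef" for c in provided):
        return False
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    # compare_digest avoids leaking where the first mismatching byte is.
    return hmac.compare_digest(expected, provided)


def source_allowed(remote_addr: str, allowed_cidrs) -> bool:
    """Return True only if the peer address falls inside one of the
    configured networks. Unparseable addresses are rejected."""
    try:
        ip = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    for cidr in allowed_cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if ip.version == net.version and ip in net:
            return True
    return False


def handle_delivery(headers: dict, body: bytes, remote_addr: str, scheme: str,
                    secret: bytes = WEBHOOK_SECRET, allowed_cidrs=ALLOWED_SOURCES):
    """Apply the checks in the order a receiver should: transport, then
    source, then signature. Returns (http_status, reason); 202 only when
    every check passes. Header lookup is case-sensitive here for brevity;
    real frameworks normalise header names."""
    if scheme != "https":
        return 400, "webhook must be delivered over HTTPS"
    if not source_allowed(remote_addr, allowed_cidrs):
        return 403, "source address not in allowlist"
    if not verify_signature(secret, body, headers.get(SIGNATURE_HEADER)):
        return 401, "invalid or missing signature"
    return 202, "accepted"


if __name__ == "__main__":
    sig = compute_signature(WEBHOOK_SECRET, SAMPLE_BODY)
    print(handle_delivery({SIGNATURE_HEADER: sig}, SAMPLE_BODY, "192.0.2.10", "https"))
    print(handle_delivery({SIGNATURE_HEADER: sig}, SAMPLE_BODY + b" ", "192.0.2.10", "https"))
```

Two points matter when auditing an endpoint against this shape: the MAC must be computed over the raw body bytes before any JSON parsing or re-serialisation (otherwise whitespace differences break valid deliveries), and the comparison must be constant-time. Ordering the checks as above also means an unauthenticated request from outside the allowlist is dropped before the signature computation is spent on it.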

References:

  1.  https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks

  2.  https://docs.gitlab.com/ee/user/project/integrations/webhooks.html#secure-webhooks

  3.  https://owasp.org/www-project-secure-headers/#webhooks

  4.  https://www.cisecurity.org/controls/application-software-security/
