# Insecure Default Initialization of Resource (CWE-1188)

The product initializes a resource in an insecure way that is not in line with the intended privileges for the resource.

**Stack:** Kubernetes

- Prevalence: High, frequently exploited
- Impact: Medium, review recommended
- Prevention: Documented, 2 fix examples

**OWASP:** Security Misconfiguration (A05:2021-Security Misconfiguration) - #5

## Description

When resources are initialized with insecure default settings, they may expose functionality or data that should be protected. Users may not realize they need to change default settings.

## Prevention

Prevention strategies for Insecure Default Initialization, based on 2 Shoulder detection rules.

### Kubernetes

- Deploy resources to an explicit namespace instead of 'default' for better isolation
- Add liveness and readiness probes to ensure Kubernetes can monitor container health

## Warning Signs

- [LOW] Resource deployed to default namespace instead of explicit namespace
- [LOW] Resources deployed to the default namespace
- [LOW] Container is missing liveness and/or readiness probes
- [LOW] Containers missing liveness and/or readiness probes

## Consequences

- Bypass protection mechanisms
- Read application data
- Gain privileges

## Mitigations

- Use secure defaults for all configurations
- Document the security implications of settings
- Require explicit opt-in for insecure options

## Detection

- Total rules: 2
- Languages: yaml

## Rules by Language

### YAML (2 rules)

- **Using Default Namespace** [LOW]: Detects resources deployed to the default namespace.
  - Remediation: Use an explicit namespace instead of 'default' for better organization and isolation.
- **Missing Health Probes** [LOW]: Detects containers missing liveness and/or readiness probes.
  - Remediation: Add liveness and readiness probes.

```yaml
livenessProbe:
  httpGet:
    path: /healthz
    port: 8080
```

Learn more: https://shoulder.dev/learn/kubernetes/cwe-1188/missing-health-probes
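A minimal static check for the two warning signs listed on this page, written as an added example; it is not Shoulder's rule code and not part of the original page. The function names, finding labels, the partial list of cluster-scoped kinds and the sample manifests are assumptions, and manifests are expected to be already parsed from YAML into dicts.

```python
# Added example: a static check for this page's two warning signs.
# Kind list, finding labels and sample manifests are assumptions.

# Cluster-scoped kinds never carry metadata.namespace (partial list).
CLUSTER_SCOPED = {"Namespace", "Node", "PersistentVolume", "ClusterRole",
                  "ClusterRoleBinding", "StorageClass", "CustomResourceDefinition"}


def pod_spec(manifest):
    """Return the pod spec of a Pod or of a controller's pod template, else None."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    return (spec.get("template") or {}).get("spec")


def check(manifest):
    """Return sorted finding labels for one manifest parsed into a dict."""
    findings = []
    meta = manifest.get("metadata") or {}
    # An omitted namespace resolves to the client's current one, normally 'default'.
    namespace = meta.get("namespace") or "default"
    if manifest.get("kind") not in CLUSTER_SCOPED and namespace == "default":
        findings.append("default-namespace")
    for container in (pod_spec(manifest) or {}).get("containers", []):
        missing = [p for p in ("livenessProbe", "readinessProbe") if p not in container]
        if missing:
            findings.append(f"missing-probes:{container.get('name')}:{'+'.join(missing)}")
    return sorted(findings)


def deployment(namespace=None, probes=()):
    """Build a constructed sample Deployment; name, image and port are made up."""
    container = {"name": "web", "image": "registry.example.com/web:1.0.0"}
    for probe in probes:
        container[probe] = {"httpGet": {"path": "/healthz", "port": 8080}}
    meta = {"name": "web"}
    if namespace:
        meta["namespace"] = namespace
    return {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": meta,
            "spec": {"template": {"spec": {"containers": [container]}}}}


if __name__ == "__main__":
    for m in (deployment(), deployment("web-prod", ("livenessProbe", "readinessProbe"))):
        print(m["metadata"], check(m) or "no findings")
```

A manifest that omits `metadata.namespace` can still be placed elsewhere at apply time (for example with `kubectl -n`), so treat the `default-namespace` finding as a prompt to pin the namespace in the manifest itself.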