{"id":218148,"date":"2018-11-13T15:19:55","date_gmt":"2018-11-13T14:19:55","guid":{"rendered":"https:\/\/www.intrinsec.com\/?p=218148"},"modified":"2018-11-13T15:19:55","modified_gmt":"2018-11-13T14:19:55","slug":"azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/","title":{"rendered":"[Azure] Insecure development practice: exposing access credentials"},"content":{"rendered":"

[et_pb_section admin_label=\u00bbsection\u00bb]
\n\t\t\t[et_pb_row admin_label=\u00bbrow\u00bb]
\n\t\t\t\t[et_pb_column type="4_4"][et_pb_text admin_label="Text"]During recent penetration tests, we identified a development practice that exposes platform access credentials Microsoft Azure Web Sites<\/em><\/a> \u2013 a service that allows the development and hosting of web applications in the cloud. This practice can lead to the compromise of the associated FTP server and, consequently, allow illegitimate read and write access to the source code, log files, and underlying operating system.<\/p>\n

According to our cell of Cyber Threat Intelligence<\/em><\/a>, more than a thousand access credentials are made public on GitHub<\/em><\/a>, Pastebin<\/em><\/a> and other code or file hosting services.<\/p>\n

Context<\/h2>\n

The service Microsoft Azure Web Sites<\/em> allows you to generate and export a configuration file PublishSettings<\/em> This file, designed to be imported into PowerShell or Visual Studio to facilitate application administration within a continuous development framework, allows these applications to query the Azure API without manual procedures. It is particularly sensitive because it contains the usernames and passwords for accessing the FTP and deployment servers. MSDeploy<\/em>.<\/p>\n

Obtaining the file<\/h2>\n

The file in question can be downloaded from the resource page corresponding to the web application on the Azure portal:<\/p>\n

\n

\"\"<\/p>\n

Figure 1: Obtaining the publication profile<\/p>\n<\/div>\n

 <\/p>\n

We then obtain a file named $SiteName.PublishSettings<\/em> in which are entered the usernames and passwords allowing access to the deployment server MSDeploy<\/em> (in green) and to the FTP server (in blue):<\/p>\n

\n

\"\"<\/p>\n

Figure 2: File poc-eval-****.PublishSettings<\/p>\n<\/div>\n

 <\/p>\n

Compromise<\/h2>\n

The practice we were referring to is as follows: often, the file PublishSettings <\/em>is appended to the project's source code. The file then reaches the various stakeholders in the development chain (development teams, security auditors, quality engineers, etc.) and, in the most critical cases, it is published on online services such as GitHub<\/em> or in the website directory (although\u2019Azure<\/em> blocks access to this type of file from the browser by default), thus giving an attacker the opportunity to access and use the sensitive information stored there.<\/p>\n

Let's assume that we have obtained the file PublishSettings<\/em> presented in the previous section. We simply need to follow the links. publishUrl<\/em> and to enter the provided usernames and passwords.<\/p>\n

For example, we can connect to the FTP server and access the source code:<\/p>\n

\n

\"\"<\/p>\n

Figure 3: Connecting to the FTP server<\/p>\n<\/div>\n

 <\/p>\n

We can also add or delete files. Below, we have deleted index.html<\/em> and added poc_ftp.html<\/em> :<\/p>\n

\n

\"\"<\/p>\n

Figure 4: Editing FTP server content<\/p>\n<\/div>\n

 <\/p>\n

 <\/p>\n

Our file poc_ftp.html<\/em> is indeed accessible on the web application:<\/p>\n

\n

\"\"<\/p>\n

Figure 5: Access to poc_ftp.html<\/p>\n<\/div>\n

 <\/p>\n

It is notably possible to execute system commands by dropping a webshell<\/em> :<\/p>\n

\n

\"\"<\/p>\n

Figure 6: Executing Windows system commands<\/p>\n<\/div>\n

 <\/p>\n

Finally, we can access the application logs:<\/p>\n

\n

\"\"<\/p>\n

Figure 7: Accessing application logs<\/p>\n<\/div>\n

 <\/p>\n

 <\/p>\n

This log file contains the requests made to the web server. It includes the GET request we made to the server to access the file. poc_eval.html <\/em>:<\/p>\n

\n

\"\"<\/p>\n

Figure 8: Web server access log<\/p>\n<\/div>\n

 <\/p>\n

Numerous other log files are accessible on the FTP server: system logs containing information about the operating system, application logs storing the outputs of functions, debug<\/em>, or extension logs indicating the name and version of extensions added to the application.<\/p>\n

Recommendations<\/h2>\n

The content of this file is particularly sensitive and unencrypted; therefore, special attention should be paid to the permissions applied to it and the opportunities for reading by an illegitimate third party.<\/p>\n

Intrinsec recommends the following practices:<\/p>\n

    \n
  • Do not save the file PublishSettings<\/em> in the project directory;<\/li>\n
  • Delete the file once it has been imported;<\/li>\n
  • Implement unit tests in the continuous integration pipeline to verify the absence of a P fileublishSettings<\/em> in published directories;<\/li>\n
  • Include verification in the tests performed by your vulnerability scanners;<\/li>\n
  • Consider a specific use case in detection strategies for the different stakeholders in the development chain;<\/li>\n
  • Monitor the leakage or exposure of this type of document;<\/li>\n
  • Communicate the best practices outlined above to the development teams.<\/li>\n<\/ul>\n

     [\/et_pb_text][\/et_pb_column]
    \n\t\t\t[\/et_pb_row]
    \n\t\t[\/et_pb_section]<\/p>","protected":false},"excerpt":{"rendered":"

    [et_pb_section admin_label="section"] [et_pb_row admin_label="row"] [et_pb_column type="4_4"][et_pb_text admin_label="Text"]During recent penetration tests, we identified [\u2026]<\/p>","protected":false},"author":25,"featured_media":218149,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[],"class_list":["post-218148","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-veille-securite"],"yoast_head":"\nIntrinsec - [Azure] Pratique de d\u00e9veloppement non s\u00e9curis\u00e9e : exposition d\u2019identifiants d\u2019acc\u00e8s<\/title>\n<meta name=\"description\" content=\"\u00c0 l\u2019occasion de r\u00e9cents tests d\u2019intrusion, nous avons identifi\u00e9 une pratique de d\u00e9veloppement exposant des identifiants d\u2019acc\u00e8s \u00e0 la plateforme Microsoft Azure Web Sites \u2013 service permettant de d\u00e9velopper et h\u00e9berger des applications web dans le cloud.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"[Azure] Pratique de d\u00e9veloppement non s\u00e9curis\u00e9e : exposition d\u2019identifiants d\u2019acc\u00e8s\" \/>\n<meta property=\"og:description\" content=\"\u00c0 l\u2019occasion de r\u00e9cents tests d\u2019intrusion, nous avons identifi\u00e9 une pratique de d\u00e9veloppement exposant des identifiants d\u2019acc\u00e8s \u00e0 la plateforme Microsoft Azure Web Sites \u2013 service permettant de d\u00e9velopper et h\u00e9berger des applications web dans le cloud.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2018-11-13T14:19:55+00:00\" \/>\n<meta name=\"author\" content=\"Adrien Bouteiller\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:site\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Adrien Bouteiller\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\\\/\"},\"author\":{\"name\":\"Adrien Bouteiller\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/f66452546f5761d26bb4c6dfa4d9d1e6\"},\"headline\":\"[Azure] Pratique de d\u00e9veloppement non s\u00e9curis\u00e9e : exposition d\u2019identifiants d\u2019acc\u00e8s\",\"datePublished\":\"2018-11-13T14:19:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\\\/\"},\"wordCount\":881,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"articleSection\":[\"Veille S\u00e9curit\u00e9\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\\\/\",\"name\":\"Intrinsec - [Azure] Pratique de d\u00e9veloppement non s\u00e9curis\u00e9e : exposition d\u2019identifiants d\u2019acc\u00e8s\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2018-11-13T14:19:55+00:00\",\"description\":\"\u00c0 l\u2019occasion de r\u00e9cents tests d\u2019intrusion, nous avons identifi\u00e9 une pratique de d\u00e9veloppement exposant des identifiants d\u2019acc\u00e8s \u00e0 la plateforme Microsoft Azure Web Sites \u2013 service permettant de d\u00e9velopper et h\u00e9berger des applications web dans le cloud.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\\\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"[Azure] Pratique de d\u00e9veloppement non s\u00e9curis\u00e9e : exposition d\u2019identifiants d\u2019acc\u00e8s\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le v\u00f4tre\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\",\"name\":\"INTRINSEC\",\"alternateName\":\"ISEC\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"width\":1322,\"height\":1322,\"caption\":\"INTRINSEC\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/Intrinsec\",\"https:\\\/\\\/fr.linkedin.com\\\/company\\\/intrinsec\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC0trUZAHNZOUbxYnNdecM4A\"],\"description\":\"soci\u00e9t\u00e9 de consulting, pure player cybers\u00e9curit\u00e9 fran\u00e7ais et europ\u00e9en depuis plus de 30ans, sp\u00e9cialiste dans la s\u00e9curit\u00e9 offensive & audit (pentest\\\/red team), GRC, et services IMSS comme le SOC, CTI et CERT Intrinsec est qualifi\u00e9 PASSI Elev\u00e9, PRIS Elev\u00e9 et PACS par l'ANSSI\",\"email\":\"contact@intrinsec.com\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/f66452546f5761d26bb4c6dfa4d9d1e6\",\"name\":\"Adrien Bouteiller\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/?s=96&d=retro&r=g\",\"caption\":\"Adrien Bouteiller\"},\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/adrien-bouteiller\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Intrinsec - [Azure] Insecure development practice: exposing access credentials","description":"During recent penetration tests, we identified a development practice exposing access credentials to the Microsoft Azure Web Sites platform \u2013 a service for developing and hosting web applications in the cloud.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/","og_locale":"en_US","og_type":"article","og_title":"[Azure] Pratique de d\u00e9veloppement non s\u00e9curis\u00e9e : exposition d\u2019identifiants d\u2019acc\u00e8s","og_description":"\u00c0 l\u2019occasion de r\u00e9cents tests d\u2019intrusion, nous avons identifi\u00e9 une pratique de d\u00e9veloppement exposant des identifiants d\u2019acc\u00e8s \u00e0 la plateforme Microsoft Azure Web Sites \u2013 service permettant de d\u00e9velopper et h\u00e9berger des applications web dans le cloud.","og_url":"https:\/\/www.intrinsec.com\/en\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/","og_site_name":"INTRINSEC","article_published_time":"2018-11-13T14:19:55+00:00","author":"Adrien Bouteiller","twitter_card":"summary_large_image","twitter_creator":"@Intrinsec","twitter_site":"@Intrinsec","twitter_misc":{"Written by":"Adrien Bouteiller","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/"},"author":{"name":"Adrien Bouteiller","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/f66452546f5761d26bb4c6dfa4d9d1e6"},"headline":"[Azure] Pratique de d\u00e9veloppement non s\u00e9curis\u00e9e : exposition d\u2019identifiants d\u2019acc\u00e8s","datePublished":"2018-11-13T14:19:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/"},"wordCount":881,"commentCount":0,"publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"image":{"@id":"https:\/\/www.intrinsec.com\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/#primaryimage"},"thumbnailUrl":"","articleSection":["Veille S\u00e9curit\u00e9"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intrinsec.com\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/","url":"https:\/\/www.intrinsec.com\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/","name":"Intrinsec - [Azure] Insecure development practice: exposing access credentials","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/#primaryimage"},"thumbnailUrl":"","datePublished":"2018-11-13T14:19:55+00:00","description":"During recent penetration tests, we identified a development practice exposing access credentials to the Microsoft Azure Web Sites platform \u2013 a service for developing and hosting web applications in the cloud.","breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/azure-pratique-de-developpement-non-securisee-exposition-didentifiants-dacces\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"[Azure] Pratique de d\u00e9veloppement non s\u00e9curis\u00e9e : exposition d\u2019identifiants d\u2019acc\u00e8s"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect yours.","publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.intrinsec.com\/#organization","name":"INTRINSEC","alternateName":"ISEC","url":"https:\/\/www.intrinsec.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","width":1322,"height":1322,"caption":"INTRINSEC"},"image":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Intrinsec","https:\/\/fr.linkedin.com\/company\/intrinsec","https:\/\/www.youtube.com\/channel\/UC0trUZAHNZOUbxYnNdecM4A"],"description":"Intrinsec, a consulting firm and pure-play French and European cybersecurity provider for over 30 years, specializes in offensive security and auditing (penetration testing\/red teams), GRC, and IMSS services such as SOC, CTI, and CERT. Intrinsec is qualified at PASSI High, PRIS High, and PACS levels by ANSSI.","email":"contact@intrinsec.com"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/f66452546f5761d26bb4c6dfa4d9d1e6","name":"Adrien Bouteiller","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=retro&r=g","caption":"Adrien Bouteiller"},"url":"https:\/\/www.intrinsec.com\/en\/author\/adrien-bouteiller\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/218148","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=218148"}],"version-history":[{"count":0,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/218148\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=218148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=218148"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=218148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}