Zombie endpoint receives traffic

이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

A zombie API endpoint is absent from the latest deployed version of a service yet is still receiving traffic due to deployment drift — for example, a forgotten container, a failed rollout, or a legacy environment still running an outdated version. These endpoints are typically unmaintained and unpatched, making them a high-risk attack surface.

Rationale

This finding works by identifying an API endpoint that:

  • received traffic since the latest deployment (with a 24h grace period after deploy)
  • has a version tag that does not appear in the set of latest deployed versions

Deployment Tracking is a prerequisite for detecting Zombie API endpoints.

Remediation

Identify and decommission the legacy deployment still serving this endpoint (e.g. a forgotten container, a stuck rollout, or an outdated staging environment). Ensure all environments are running the latest version of the service so that removed endpoints can no longer receive traffic.