19 hours 55 minutes

Video Transcription

Hi. Welcome back to the course. So the last video we talked about web servers now in this video for Web applications were actually gonna go through the loss Top 10. And also with this module. Actually, part of the resource is for the course. I've included downloadable documents of the old lost top 10. That kind of walks through each of these areas a little more in debt.
So the all lost top 10 for 2017 on the web application, security risk. I'm just gonna read through these and the more action and go into each one of just a little bit. We hit these at a very high level.
So number one injection number two, broken authentication number three, sentence sensitive data exposure
number four, XML, external entities or XXI. Number five, broken access control, sixes, security, Miss Configuration
A number seven is cross site scripting or excesses.
Number eight. It's insecure. Do serialization number nine is using components with known vulnerabilities in the number 10 insufficient logging in monitoring.
So we're just gonna go through each one of these at a high level, So injection flaws So basically, these can result in different types of data loss or even data corruption.
So the ways to prevent him we could use a safe A p i R application programming interface. And basically, we want something that will avoid the interpreter so that the code can't run.
We can also white list to service side input validation. Use sequel controls within the queries, and that'll help us just basically prevent a mass disclosure and the event of a sequel Injection attack,
broken authentication. So the main thing this can lead to obviously, if you're your credentials, were stolen our identity theft and fraud.
So ways to prevent it are multi factor authentication. So, for example, if your username and password or stolen but you set up multi factor so you receive a text and you have to put in a certain code to be able to log in than the attacker is gonna have a problem doing that unless they compromise your phone.
So also not using default credentials. So, like if you got a router, for example, you're not gonna use the or you're gonna change it as soon as possible the default credentials of that router, and that way there's no real risk. Their oven attacker getting into your system through that avenue.
Check for weak passwords to make sure employees were putting in strong pastors. In the easiest way to do that, I just put a strong password policy in place. You could find information about that in Mist 863. That'll give you some generalized information about a password guy guidelines.
We can also hardened against your new Marais Shin of accounts and then limit the number of field log in attempts. And that should reduce the risk somewhat if the identity stolen
so sensitive day exposure. Now this can lead identity set. That's kind of the main thing with it. S O Prevention is gonna be classifying the data that's being processed, stored and transmitted. So we know what the data is. The actual critical or valuable data and which ones, you know, weaken, you know, that are maybe just a paper taller, something we could throw in the trash,
applying a proper appropriate controls and then, of course, encrypting all data arresting and transferred. That does protect quite a bit
excited male external entities, or XXI. Eso basically weaknesses in next in milk processors and that can lead to things like data extraction or did not, even denial of service or distributed denial of service and also internal system scans.
So ways to prevent it Using less complex data formats like Jason, we can also patching Upgrade, which is a theme throughout this course, right with all the different software issues on then Disable XML External entity processing inside of XML documents and headers,
Broken access control. So this can basically allow an attacker to get administrative prison purposes and then also, users can escalate privileges and be able to delete records and access. Records were not supposed to access
prevention, obviously denied by default. So if they don't have access explicitly given to them, then it's gonna deny them, even with some type of failure. Generally disabling the Web server directory listing log access control failures,
security. Miss King of figuration. So this can lead to unauthorized access to the computer or even in worst case scenarios. A complete system compromise so wasted, prevented, basically build up the platform or use a platform without unnecessary features listed in it, or remove those as soon as you can
hard on different systems and then also make your application in architecture infrastructure segment,
so cross site scripting attacks.
These could lead a remote code execution on the victim's prosper. So basically, what that's gonna lead to is either skeet stealing a credentials, delivery of malware, or both
so wasted, prevented. We could separate untrusted data from the active browser content. We can also
basically escape using untrusted. Http. Request data and then enabling content security policies
so insecure d serialization. This could lead to remote execution
and then the prevention. We can implement integrity checks like digital signatures. We can also do that cold isolation and then logging the dis serialization exceptions and failures.
And then we also have using components with no vulnerabilities. So this can obviously lead to massive data breaches on dso. Wasted, prevented, are patching again, and then also obtaining are downloads from official sources. So, you know, just because it's a lower cost to go to this You know this person posting on Craigslist to download your your stuff?
Go the official sourcing downloaded.
And then, of course, making a continuous inventory of the climate server side Frank Marx and libraries and use. We could make sure there's nothing nefarious on there.
All right, so if insufficient logging and monitoring. So this can basically just leave this successful exploitive. We're not monitoring what's going on. So we want to make sure that we ensure that all of the log in and access control failures are logged with sufficient context. We can actually go back through it and make some kind of sense of it.
So along the same line, we want to assure the logs have generated in an easily consumed format and establish effective monitoring and alerts.
So we got a quick posts assessment question here. So one way to prevent against broken access control is to deny By what?
All right, so if you said denied by default, you are correct. So again, if we didn't die by default and even if someone's credentials are compromised, we've already put systems in place to try to reduce the amount of damage it can cause.
So in this video, we wrapped up our discussion of Web servers and applications. In the next video, we're gonna jump right into our labs on the subject, and then in the following module, we'll talk about sequel injection

Up Next

Penetration Testing and Ethical Hacking

Do you like breaking things or figuring out how things work? Join thousands of professionals who’ve entered the information security field by taking this class. Taking this ethical hacking course will give you the skills needed to become a professional penetration tester and prepare you for industry certifications, like the CEH.

Instructed By

Instructor Profile Image
Ken Underhill
Master Instructor at Cybrary
Master Instructor