Hi, everyone. Welcome back to the course. In this video, we're going to talk about the seventh item on the OWASP API Security Top 10 list: Security Misconfiguration.
So we're gonna talk about some of the causes of these security misconfigurations as well as ways we can prevent or mitigate against them.
So let's talk through some of the causes. Well, one major cause of both security misconfigurations for APIs as well as your more generalized security misconfigurations around things in the cloud are unpatched systems as well as unprotected directories and files. Also not hardening images. Right. So going back to patching and making sure we have the latest versions of software, making sure that we're protecting our files and directories. That's all part of the hardening aspect of it.
Exposed storage is another big area, leaving unnecessary features enabled. If you just think about your own operating system, let's say you run like Windows 10. There are so many features on Windows 10 that you don't actually need to use it, right? These are just extra things that all increase your attack surface. So when we talk about hardening systems, if you're not familiar with security terminology, we're just talking about making it as secure as we can. So patching any vulnerabilities that we have, as well as removing all these unnecessary features we don't actually need for the application to function.
So how do we prevent against some of these things? We can harden or patch the systems and make sure that the process is repeatable. We don't just want to do it tomorrow. We want to do it on a consistent schedule so we can make sure we mitigate this, using an automated process to locate any type of configuration flaws in the application, disabling the unnecessary features as I mentioned, and also things like restricting the administrative access and then defining and enforcing all the outputs, including errors.
So in this video, we just talked about some of the causes of security misconfigurations. A good example of security misconfiguration was the Equifax Struts breach. So if you're here in the U.S., you know about the Equifax breach. It happened. It affected, I think, roughly half of Americans. Their data was stolen in the Equifax breach.
So a good example of that, we also talked about ways to prevent or mitigate against this