A7: Security Misconfiguration

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

1 hour 43 minutes
Video Transcription
Hi, everyone. Welcome back to the course in this video. We're to talk about the seventh item on the AWAS. FBI Security Top 10 list security, Miss Configuration.
So we're gonna talk about some of the causes of these security Miss Configurations as well as ways we can prevent or mitigate against them.
So let's talk through some of the causes. Well, one major cause on both security Miska Fishery Miss Configurations for AP eyes as well as your more generalized security, Miss Configurations around things in the cloud are unpatched systems
as well as unprotected directories and files. Also not hardening images. Right. So going back to patching and making sure we have the latest versions of software making sure that we're protecting her files and directories. That's all part of the hardening aspect of it.
Extort Exposed storage is another big area
leaving unnecessary features enabled. If you just think about your own operating system, let's see you run like Windows 10. There are so many features on Windows 10 that you don't actually need to use it, right? These are just extra things that all increase your attack surface. So when we talk about hardening systems, if you're not familiar with security terminology. We're just talking about
making it a secure as we can. So patching
any vulnerabilities that we have, as well as removing all these unnecessary features we don't actually need for the application to function.
So how do we prevent against some of these things? We can harden or patch the systems and and make sure that the process is repeatable. We don't just want to do it tomorrow. We want to do it on a consistent schedule so we can make sure we mitigate this
using an automated process to locate any type of configuration flaws in the application,
disabling the unnecessary features as I mentioned,
and also things like restricting the administrative access and then defining and enforcing all the outputs, including errors.
So in this video, we just talked about some of the causes of security, Miss Configurations. A good example of security, Miss configuration was the Equifax struts breach. So if you're here in the U. S. You know about the Equifax breach? It happened. It affected, I think, roughly half of Americans. Their data was stolen in the Equifax breach.
So a good example of that, we also talked about ways to prevent or mitigate against this
Up Next
Introduction to the OWASP API Security Top 10

The Introduction to the OWASP API Security Top 10 course will teach students why API security is needed. Students will get a brief refresher on the CIA triad and AAA, then move into learning about the OWASP Top 10 from an API security perspective.

Instructed By