Everyone, welcome back to the course. So in this video, we're gonna talk about improper assets management,
so we'll talk about what it is as well as ways that we can prevent against it.
So what is improper assets management? What does it actually mean?
So this is where an attacker finds non-production versions of the API. So this could be APIs in the staging area or in testing, even beta versions, even earlier versions. And normally these aren't going to be as well protected. And then what the attacker does is use those to actually launch the attack
and then move laterally to other APIs.
So how do we prevent against this? Well, we could do things like taking a proper inventory of all of our API hosts and knowing what we actually have out there,
limiting access from the public, right, limiting that public access to the APIs,
using API firewalls is another way, limiting the access to production data. We can also segregate access to various APIs and then also implementing strict authentication.
Now, an example of this type of attack being used: if you recall the JustDial breach from 2019, where about 100 million users in India were affected and had their information taken.
So in this video, we talked about what improper assets management is, and we also talked about some ways that we can mitigate or prevent against that. So again, doing things like taking the inventory of all of our API hosts, limiting the public access to the APIs, limiting the access to production data, as well as
making sure that we segment out that access
and then using API firewalls.
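The mitigations listed in the video (inventory of API hosts, limiting public access, no production data on non-production APIs, API firewalls, strict authentication) can be turned into an automated inventory audit. The following is an added example and is not code from the video or the course; every hostname, field name and inventory record in it is constructed for illustration, and the "observed" set stands in for whatever asset-discovery output (DNS records, gateway configuration, scan results) an organisation actually has.

```python
"""Audit an API host inventory for improper-assets-management exposures.

Added example (not from the video): each check corresponds to one of the
mitigations the video lists. Hostnames and records are constructed.
"""
from dataclasses import dataclass
from typing import List, Set


@dataclass
class ApiHost:
    hostname: str
    environment: str           # "production", "staging", "test", "beta", "dev"
    public: bool               # reachable from the internet
    auth_required: bool        # every endpoint requires authentication
    behind_api_firewall: bool  # an API gateway / firewall fronts the host
    data_source: str           # "production" or "synthetic"


NON_PRODUCTION = {"staging", "test", "beta", "dev"}


def audit_inventory(documented: List[ApiHost], observed: Set[str]) -> List[str]:
    """Return one finding string per problem; an empty list means clean."""
    findings: List[str] = []
    known = {h.hostname for h in documented}

    # Inventory gap: hosts seen by asset discovery but never documented.
    # These are exactly the forgotten old/test versions an attacker looks for.
    for hostname in sorted(observed - known):
        findings.append(f"{hostname}: undocumented API host (not in inventory)")

    for h in documented:
        nonprod = h.environment in NON_PRODUCTION
        if nonprod and h.public:
            findings.append(f"{h.hostname}: non-production API reachable from the public internet")
        if nonprod and h.data_source == "production":
            findings.append(f"{h.hostname}: non-production API has access to production data")
        if not h.auth_required:
            findings.append(f"{h.hostname}: endpoints without strict authentication")
        if h.public and not h.behind_api_firewall:
            findings.append(f"{h.hostname}: public API not fronted by an API firewall")
    return findings


# Constructed sample inventory (hypothetical hostnames).
DOCUMENTED = [
    ApiHost("api.example.test", "production", True, True, True, "production"),
    # A staging copy left public, unauthenticated, unfirewalled, on real data:
    ApiHost("api-staging.example.test", "staging", True, False, False, "production"),
    ApiHost("api-beta.example.test", "beta", False, True, True, "synthetic"),
]

# Hosts returned by asset discovery (constructed); one is not in the inventory.
OBSERVED = {
    "api.example.test",
    "api-staging.example.test",
    "api-beta.example.test",
    "api-v1-old.example.test",
}


def main() -> None:
    for finding in audit_inventory(DOCUMENTED, OBSERVED):
        print(finding)


if __name__ == "__main__":
    main()
```

Run against the constructed data, the audit reports the undocumented `api-v1-old` host first and then four separate findings for the staging host; the production and beta hosts produce none. In practice the `documented` list would be loaded from the team's asset register and `observed` from discovery tooling, so the comparison catches both forgotten hosts and documented hosts whose protections have drifted.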