Improper Assets Management

1 hour 43 minutes
Video Transcription
Everyone, welcome back to the course. So in this video, we're gonna talk about improper assets management, so we'll talk about what it is as well as ways that we can prevent against it.

So what is improper assets management? What does it actually mean? So this is where an attacker finds non-production versions of the API. So this could be APIs in the staging area or in testing, even beta versions, even earlier versions. And normally these aren't going to be as well protected. And then what the attacker does is use those to actually launch the attack and then move laterally to other APIs.

So how do we prevent against this? Well, we could do things like taking a proper inventory of all of our API hosts and knowing what we actually have out there, limiting access from the public, right, limiting that public access to the APIs. Using API firewalls is another way, limiting the access to production data. We can also segregate access to various APIs, and then also implementing strict authentication.

Now, an example of this type of attack being used: if you recall the Justdial breach from 2019, where about 100 million users in India were affected and had their information taken.

So in this video, we talked about what improper assets management is, and we also talked about some ways that we can mitigate or prevent against that. So again, doing things like taking the inventory of all of our API hosts, limiting the public access to the APIs, limiting the access to production data, as well as making sure that we segment out that access, and then using API firewalls.
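The inventory step the video recommends can be turned into a simple reconciliation check. The following is an added example, not code from the course: it compares a declared list of API hosts against hosts observed from DNS or certificate logs and flags undocumented hosts, publicly exposed non-production hosts, non-production hosts wired to production data, retired versions still reachable, and hosts without enforced authentication. All host names and the inventory are constructed placeholders.

```python
"""Reconcile a declared API-host inventory against hosts actually observed,
flagging the gaps that improper assets management leaves behind.
All data below is constructed sample data, not real systems."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ApiHost:
    host: str
    environment: str      # "prod", "staging", "test", "beta", "dev", ...
    public: bool          # reachable from the internet?
    auth_required: bool   # does every route enforce authentication?
    prod_data: bool       # does it connect to production data stores?
    retired: bool = False # an older API version that should be offline


# Constructed inventory: what the team believes it runs.
INVENTORY = [
    ApiHost("api.example.test", "prod", public=True, auth_required=True, prod_data=True),
    ApiHost("api-staging.example.test", "staging", public=True, auth_required=False, prod_data=True),
    ApiHost("api-v1.example.test", "prod", public=True, auth_required=True, prod_data=True, retired=True),
]

# Constructed set of hosts seen in DNS records / certificate transparency logs.
OBSERVED = {"api.example.test", "api-staging.example.test",
            "api-v1.example.test", "api-beta.example.test"}

NON_PROD = {"staging", "test", "beta", "dev", "qa"}


def find_gaps(inventory, observed):
    """Return a sorted list of (host, finding) tuples."""
    findings = []
    known = {h.host for h in inventory}
    # Hosts that exist but nobody documented: the forgotten API.
    for host in sorted(observed - known):
        findings.append((host, "undocumented host"))
    for h in inventory:
        if h.environment in NON_PROD and h.public:
            findings.append((h.host, "non-production host exposed publicly"))
        if h.environment in NON_PROD and h.prod_data:
            findings.append((h.host, "non-production host reaches production data"))
        if h.retired and h.host in observed:
            findings.append((h.host, "retired API version still reachable"))
        if not h.auth_required:
            findings.append((h.host, "authentication not enforced"))
    return sorted(findings)


if __name__ == "__main__":
    for host, finding in find_gaps(INVENTORY, OBSERVED):
        print(f"{host}: {finding}")
```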
Introduction to the OWASP API Security Top 10

The Introduction to the OWASP API Security Top 10 course will teach students why API security is needed. Students will get a brief refresher on the CIA triad and AAA, then move into learning about the OWASP Top 10 from an API security perspective.
