
SECURITY MISCONFIGURATION

Security misconfiguration is one of the most frequently found weaknesses, and it occurs at every layer of a system. It gives an attacker access to resources he is not supposed to reach. This vulnerability is listed in the OWASP Top Ten. A web application must be configured according to current security guidance and that configuration must be verified; security controls must be built in from the development phase onward to protect the application from attacks and unauthorized access.

DESCRIPTION

Security controls must be applied at every step when implementing a web application, its network infrastructure, its servers, and every other part of the application. This vulnerability is so common that it can take down a company that believed every security control had been implemented, not knowing that one of them was misconfigured. Leaving default credentials on a well-known exposed service lets an attacker obtain a remote connection through that service. Leaving an admin page protected only by a default password can cause persistent damage to the application.

The types are:

• Unnecessary administration ports that are left open for an application. These expose the application to remote attacks.

• Outbound connections to various internet services. These could reveal unwanted behaviour of the application in a critical environment.

• Legacy applications that are still trying to communicate with applications that no longer exist. Attackers could mimic these applications to establish a connection.

• Default accounts that are not changed. An attacker will find the default admin page on the server and log in with the default password.

• Directory listing that is enabled. An attacker will notice that directory listing was not disabled and navigate through the directories of the server looking for sensitive information.

• Extra information shown on error pages, which an attacker uses to enumerate more about the application.

MITIGATION

• Disable administration interfaces.

• Disable unnecessary ports.

• Disable use of default accounts/passwords.

• Configure the server to prevent unauthorized access, directory listing, etc.

• Consider running scans and doing audits periodically to help detect future misconfigurations or missing patches.
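The following is an added example, not part of the original page, showing what the "periodic audit" mitigation can look like for the misconfiguration types listed above: it scans a server configuration for directory listing, verbose error pages and open administrative ports, checks an account list against known default credentials, and rewrites the weak directives to their hardened values. The directive names (ServerTokens, ServerSignature, Options Indexes, Listen) are real Apache httpd directives; the configuration fragment, the account list, the default-credential list and the administrative-port policy are constructed for this example and are assumptions.

```python
"""Small security-misconfiguration audit (added example, not from the page).

Inputs below are constructed: an Apache-style config fragment with several
weak settings, a list of accounts, and an assumed organisational policy for
which ports count as administrative.
"""
import re
from typing import List, Tuple

# Constructed configuration fragment containing the weak settings under audit.
SAMPLE_HTTPD_CONF = """
ServerTokens Full
ServerSignature On
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
Listen 80
Listen 8080
"""

# Constructed (username, password) records as they might come from an account export.
SAMPLE_ACCOUNTS: List[Tuple[str, str]] = [
    ("admin", "admin"),
    ("tomcat", "s3cret-rotated"),
    ("deploy", "password"),
]

# Hypothetical list of vendor-default credentials; a real audit would load a maintained list.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("tomcat", "tomcat"),
    ("deploy", "password"),
}

# Assumed policy: administrative ports that must never be exposed on a web server.
ADMIN_PORTS = {8080, 8443, 10000}


def audit_httpd_conf(conf: str) -> List[str]:
    """Return one finding per weak directive: directory listing, verbose
    error pages / version banners, and administrative ports left open."""
    findings = []
    for lineno, line in enumerate(conf.splitlines(), 1):
        stripped = line.strip()
        # "Options Indexes" (or "+Indexes") turns on directory listing; "-Indexes" turns it off.
        if re.match(r"Options\b.*\bIndexes\b", stripped) and "-Indexes" not in stripped:
            findings.append(f"line {lineno}: directory listing enabled ('{stripped}')")
        # ServerSignature On appends server version details to generated error pages.
        if re.match(r"ServerSignature\s+On\b", stripped, re.I):
            findings.append(f"line {lineno}: error pages reveal server version (ServerSignature On)")
        # ServerTokens Full/OS leaks build details in the Server response header.
        if re.match(r"ServerTokens\s+(Full|OS)\b", stripped, re.I):
            findings.append(f"line {lineno}: Server header reveals build details ('{stripped}')")
        # Listen [addr:]port; flag ports the policy classes as administrative.
        m = re.match(r"Listen\s+(?:\S+:)?(\d+)", stripped)
        if m and int(m.group(1)) in ADMIN_PORTS:
            findings.append(f"line {lineno}: administrative port {m.group(1)} is open")
    return findings


def audit_accounts(accounts: List[Tuple[str, str]]) -> List[str]:
    """Flag accounts whose credentials still match a known vendor default."""
    return [f"account '{user}' still uses a default password"
            for user, password in accounts if (user, password) in DEFAULT_CREDENTIALS]


def harden_httpd_conf(conf: str) -> str:
    """Rewrite the weak directives to recommended values. Open ports are left
    untouched on purpose: closing one is a deployment decision, so the audit
    keeps reporting it until an operator removes the Listen line."""
    fixed = re.sub(r"(?m)^[ \t]*ServerTokens\s+\S+", "ServerTokens Prod", conf)
    fixed = re.sub(r"(?m)^[ \t]*ServerSignature\s+\S+", "ServerSignature Off", fixed)
    # Turn a bare or "+Indexes" into "-Indexes" without doubling an existing "-".
    fixed = re.sub(r"(?m)^([ \t]*Options\b[^\n]*?)(?<![-+])\bIndexes\b", r"\1-Indexes", fixed)
    return fixed


if __name__ == "__main__":
    for finding in audit_httpd_conf(SAMPLE_HTTPD_CONF) + audit_accounts(SAMPLE_ACCOUNTS):
        print("FINDING:", finding)
    print("--- after hardening ---")
    for finding in audit_httpd_conf(harden_httpd_conf(SAMPLE_HTTPD_CONF)):
        print("REMAINING:", finding)
```

Running the script reports four configuration findings and two default-credential findings on the constructed input; after `harden_httpd_conf` only the open administrative port remains, which is the point of scheduling the audit rather than running it once.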
