Attacks
been a persistent issue over the years. It ranked number 6 in the 2017 OWASP
unprotected files and directories, unused web pages, unpatched flaws and unauthorized
access to default accounts. The exploitation of security misconfiguration vulnerabilities can
lead attackers to exploit more critical vulnerabilities and also ultimately compromise
an application
Introduction
As application security becomes sophisticated, refined techniques to prevent data
breaches have been developed but simple human errors remain an issue. Insecure
coding and errors from a developer can result in security misconfiguration vulnerabilities.
The reliance on third-party components to develop web applications can cause
misconfiguration issues. Attackers exploit configuration weaknesses in applications to
gain knowledge about an application to exploit other critical vulnerabilities, which
can pose a severe risk to organizations. Configuration flaws can lead an attacker to
compromise an application entirely. Poorly maintaining or ignoring unused features
in web applications can leave the application open to attackers. Improper handling
of error messages in applications provides information for attackers to discover
vulnerabilities.
Introduction
According to Contrast Labs research in October 2019, 36% of web applications
are vulnerable to security misconfigurations. The researchers also discovered that
72% of .NET applications have security misconfigurations. In 2018, IBM reported
that data breaches related to improper configurations increased by 424%.
In the 2019 Magic Quadrant for AST, Gartner identifies three main techniques of AST:
application security risks but have less attention in the research area, we presented a
tool, BitScanner, to detect security misconfigurations in web applications.