Security misconfigurations represent system and application settings that are not appropriately locked down by a system or application administrator. In this video, learn how to test for security misconfiguration flaws.
- [Instructor] The sixth set of risks in the OWASP Top 10 list are security misconfiguration flaws. Simply put, this category of web application risks is all about insecure or default configurations. Securing a web app requires more than just knowing how to securely code that application. It also requires knowledge about how to securely deploy and maintain both the application and the application infrastructure. You may have seen news stories on one of the multiple data breaches related to open cloud storage weaknesses. Apps that are configured to use cloud storage need to take into consideration how they're going to manage access to that storage. While verbose error messages are great for troubleshooting, they're also great for attackers who are profiling your apps. If an attacker can force an application to spit out an error message, one that contains a stack trace, details about the web server in the internal network, then the attacker now has an advantage …
- Security frameworks
- OWASP Top Ten
- Building Security In Maturity Model (BSIMM)
- Planning your testing projects
- Creating security policies
- Source code reviews
- Application threat modeling
- Offline testing for OWASP Top Ten vulnerabilities
Skill Level Intermediate
What you should know (1m 17s)
1. Leading Practices
2. Security Documentation
3. Source Code Security Reviews
4. Offline Testing for the OWASP Top Ten (2017)
Next steps (3m 18s)