From the course: Dynamic Application Security Testing

A5: Security misconfiguration

- [Instructor] The fifth set of risks in the OWASP Top 10 are security misconfiguration flaws. Simply put, this category of web application risks is all about insecure or default configurations. Securing a web app requires much more than just knowing how to securely code that application. It also requires knowledge of how to securely deploy and maintain both the application and the application infrastructure. You've probably seen news stories on one of the multiple data breaches related to open cloud storage weaknesses. Apps that are configured to use cloud storage need to take into consideration how they're going to manage access to that storage. While verbose error messages are great for troubleshooting, they're also great for attackers who are profiling your apps. If an attacker can force an application to spit out an error message that contains a stack trace, or details about a web server in the internal network, then…
