From the course: Learning the OWASP Top 10
Security misconfiguration
- [Instructor] The fifth item in the 2021 OWASP Top 10 is security misconfiguration. OWASP says, "The application might be vulnerable if it is without a concerted, repeatable application security configuration process." You can think of security misconfiguration as having a default setup that is not very secure. For example, if you decide to go on a bike ride and you don't wear a helmet, that might be considered a security misconfiguration. If, on the other hand, you do decide to wear a helmet, and it's properly fitted and appropriate for the type of riding that you're doing, that would be considered a more secure configuration. Security folks use the term hardened to describe something that is securely configured. Some other physical analogies for security misconfiguration include leaving your house and forgetting to lock the door. Going for a drive in the car and deciding not to buckle your seatbelt. A digital security misconfiguration would be if you chose not to use a passcode on…
Contents
- Broken access control (4m 37s)
- Cryptographic failures (3m)
- Injection (4m 19s)
- Insecure design (2m 58s)
- Security misconfiguration (3m 24s)
- Vulnerable and outdated components (3m 2s)
- Identification and authentication failures (3m 17s)
- Software and data integrity failures (3m 35s)
- Security logging and monitoring failures (3m 17s)
- Server-side request forgery (SSRF) (1m 43s)