
Threat Analysis

This video explains what security misconfiguration refers to and what hackers will target to attack a system.
Welcome to the Security Misconfiguration session. In this first part, we will focus on threat analysis. We will take our time to discuss how security misconfigurations compromise application security. Then we will discuss how the system can be harmed, the impact of successful exploitation, and give you some insights to identify who may want to harm your system. Security misconfiguration is a very broad category. By definition, a misconfiguration is an incorrect or inappropriate configuration. But security-wise, these incorrect or inappropriate configurations lower system resilience, increasing the overall security risk. Things like enabled directory listing, publicly accessible system logs, or unhandled errors with overly informative messages fit in this category. All of them tend to give attackers insights about system internals, making further exploitation easier.
Instead of searching for a zero-day vulnerability, attackers tend to take the short path first, searching for known issues. This approach has proved to be fruitful. Most applications, such as database servers, have default accounts with administrative privileges to allow the initial setup. Not removing such accounts leaves the door wide open to attackers. Sometimes special pages are used to automate specific tasks. Graphical installers are a good example. They are intended to be used once and then removed. But quite often, they get deployed along with the application. Enabled directory listings or publicly accessible files such as system logs or backups are easy to find even without touching the application.
The most common consequence of security misconfigurations is unauthorized access to some system data or functionality. Depending on the nature of the exposed data or functionality, exploitation may become easier. Occasionally, security misconfigurations allow attackers to get control over the system. Firewall or remote access misconfigurations are good candidates to make the system vulnerable. Finding security misconfigurations can be done without touching the application. Using a search engine may be enough to identify exposed directories or files, such as system logs or database backups. Non-tech threat agents, such as competitors or activists, may follow this approach to get access to your system details or business secrets without much effort. You’ll find this table in the OWASP Top 10.
Pause the video, and take your time to carefully read it. In the next part, we will review some security misconfigurations in our target application found in previous sessions while exploiting other vulnerabilities.

Security misconfigurations pose a significant risk to your system security.

Security misconfigurations refer to actions or settings that lower a system’s resilience and make it more vulnerable to hackers. Watch this video to learn more about misconfigurations that you need to be aware of when assessing your own system, and how hackers tend to assess a system to find these vulnerabilities.

Reflect and share: How is your organization’s system kept up to date? How often do you think your system should be checked to ensure unused accounts are removed and that all online links and pages are either removed or updated if they are outdated? Share your answers and reasoning here.

This article is from the free online

Advanced Cyber Security Training: OWASP Top 10 and Web Application Fundamentals

Created by
FutureLearn - Learning For Life
