A5-Security misconfiguration-OWASP 2013

It's a presentation about A5 - Security Misconfiguration - Top ten - OWASP-2013.

  1. Security Misconfiguration
     Sorina-Georgiana CHIRILĂ - 2013
  2. About
     ● “This happens when the system admins, DBAs and developers leave security holes in the configuration of computer systems.” (A5) http://www.inteco.es
  3. Idea (1)
     Attacker accesses:
     ● default accounts,
     ● unused pages,
     ● unpatched flaws,
     ● unprotected files and directories.
     Security misconfiguration can happen at any level of an application stack, including:
     ● the platform,
     ● web & application server,
     ● database,
     ● framework,
     ● custom code.
  4. Idea (2)
     http://www.slideshare.net/tabaradetestare
  5. Example
     ● Get information about the server type or the current web development language.
  6. Typical attack approach
     ● Find information related to: OS type and version, libraries, tools, web server type, web development language,
     ● And then
  7. How to prevent?
     ● Remove/change default credentials,
     ● Keep software up to date,
     ● Look for disabling unused components or services,
     ● Take into consideration automated scanners (OpenVAS, WATOBO, WebScarab, https://asafaweb.com/),
     ● Set up a process for security updates,
     ● Use minimal privileges everywhere,
     ● Remove all unused pages and user accounts,
     ● Create whitelist pages,
     ● Update patches (a patch is a small piece of software used to correct a problem with an OS, for example),
     ● Review the default configuration for: frameworks, db, web server ….
  8. Case studies
  9. Resources
     ● https://www.owasp.org/index.php/Top_10_2013-A5-Security_Misconfiguration
     ● http://www.slideshare.net/skoussa/simplified-security-code-review-process
     ● http://www.slideshare.net/tabaradetestare/security-testing-21078196
     ● http://eric-diehl.com/category/security/
     ● http://www.slideshare.net/owaspkhartoum/owasp-kartoum-top-10-a6-8th-meeting
     ● https://www.mavitunasecurity.com/blog/owasp-top-10-2013/
     ● http://www.slideshare.net/RapPayne/a6-security-misconfigurationpptx
     ● http://www.slideshare.net/carlo.bonamico/is-my-web-application-secure-owasp-top-ten-security-risks-and-beyond
     ● https://isc.sans.edu/presentations/SANSFIRE2012-Russ_McRee-OWASPTop10.pdf
     ● http://projects.webappsec.org/w/page/13246914/Application%20Misconfiguration
     ● http://cwe.mitre.org/data/definitions/933.html
     ● http://projects.webappsec.org/w/page/13246959/Server%20Misconfiguration
  10. Thank You!
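Slides 5 to 7 describe the problem (a server that discloses its type and development language, directory listings, default settings left in place) and the prevention list (review default configuration, disable unused components). The following Python script is an added example, not part of the presentation, showing how a defender can audit for these indicators: it parses raw HTTP responses for disclosure headers, directory listings and verbose error pages, and checks Apache configuration lines for the weak settings beside their corrected form. The sample responses and configuration fragments are constructed for the demonstration; the header names and Apache directives (ServerTokens, ServerSignature, Options) are real.

```python
"""Audit HTTP responses and Apache config lines for OWASP 2013 A5
security-misconfiguration indicators.

Added example, not code from the original presentation. All sample
inputs below are constructed for the demonstration."""

import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str
    detail: str


# Headers that disclose stack details. A value regex means "flag only if a
# version number is present"; None means "flag whenever the header appears".
DISCLOSURE_HEADERS = {
    "server": re.compile(r"[\w.-]+/\d"),   # "Apache/2.4.7" or "nginx/1.18.0"
    "x-powered-by": None,                  # discloses language/framework
    "x-aspnet-version": None,
}


def parse_response(raw):
    """Split a raw HTTP response into (status line, lowercased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def audit_response(raw):
    """Return findings for disclosure headers, directory listings and verbose errors."""
    _, headers, body = parse_response(raw)
    findings = []
    for name, version_re in DISCLOSURE_HEADERS.items():
        if name not in headers:
            continue
        value = headers[name]
        if version_re is None:
            findings.append(Finding("medium", f"{name} discloses stack: {value}"))
        elif version_re.search(value):
            findings.append(Finding("medium", f"{name} discloses version: {value}"))
    if "<title>Index of /" in body:
        findings.append(Finding("high", "directory listing enabled"))
    if "traceback" in body.lower() or "stack trace" in body.lower():
        findings.append(Finding("high", "verbose error page exposes stack trace"))
    return findings


# Apache directives and a predicate that is true when the value is weak.
WEAK_DIRECTIVES = {
    "servertokens": lambda v: v.lower() != "prod",          # only "Prod" hides the version
    "serversignature": lambda v: v.lower() != "off",        # footer on error pages
    "options": lambda v: any(t.lower() in ("indexes", "+indexes") for t in v.split()),
}


def audit_apache_config(text):
    """Return findings for weak directive values; section tags and comments are skipped."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue
        directive, _, value = line.partition(" ")
        is_weak = WEAK_DIRECTIVES.get(directive.lower())
        if is_weak and is_weak(value.strip()):
            findings.append(Finding("medium", f"weak setting: {line}"))
    return findings


# Constructed samples: a disclosing response next to a hardened one.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\nServer: Apache/2.4.7 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.5.9\r\nContent-Type: text/html\r\n\r\n"
    "<html><head><title>Index of /backup</title></head></html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"
    "<html><body>Hello</body></html>"
)

# Constructed samples: default-style directives next to the reviewed form.
WEAK_CONFIG = """
ServerTokens Full
ServerSignature On
<Directory /var/www/html>
    Options Indexes FollowSymLinks
</Directory>
"""
HARDENED_CONFIG = """
ServerTokens Prod
ServerSignature Off
<Directory /var/www/html>
    Options -Indexes +FollowSymLinks
</Directory>
"""

if __name__ == "__main__":
    for label, result in (("weak response", audit_response(WEAK_RESPONSE)),
                          ("hardened response", audit_response(HARDENED_RESPONSE)),
                          ("weak config", audit_apache_config(WEAK_CONFIG)),
                          ("hardened config", audit_apache_config(HARDENED_CONFIG))):
        print(label, [f"{f.severity}: {f.detail}" for f in result])
```

Run against the constructed inputs, the weak response yields three findings (version in Server, X-Powered-By present, directory listing) and the weak config three (ServerTokens, ServerSignature, Options Indexes), while both hardened samples yield none. The same functions can be pointed at captured responses from your own hosts or at a checked-out httpd.conf as part of the "review default configuration" step on slide 7.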
