Uploaded bysparelabs
PPTX, PDF16 views

Data Exposure And Misconfigurations OWASP

Excessive data exposure occurs when data like credit cards, personal information, or browsing habits are not properly secured by an application. This can lead to reputational risks if the exposure occurs. To prevent it, developers should carefully consider what data needs to be stored, encrypt data by default, store encryption keys separately from the encrypted data when possible, and get security advice from trusted sources. Security misconfiguration is another common issue where missing permissions, unused features, default accounts, or outdated security settings leave systems vulnerable. Developers can address this by implementing consistent processes for server hardening, code reviews, configuration reviews, and deployments. They should also regularly check for new vulnerabilities and segment systems to reduce risks.

Internet
Related topics:
Web Security Overview

Embed presentation

Download to read offline
Excessive Data Exposure What is it? •Some data has high value e.h. Credit cards, credentials, other personal data, browsing habits, financial information •If this data is not correctly handled by your application, data exposure is a serious risk •Reputational risks if it occurs •Directly vulnerable or caused by poor quality controls •Often secondary to another type of attacks
Excessive Data Exposure (Cont.) How to fix it? • Take a considered view to data value • Remove data you don't need • Learn about encryption • Encryption is generally lightweight so you use by default • Consider multiple levels of encryption • Do not store encryption keys with data • Use hardware protection of keys where possible • Be careful where you get your advice from!
Security Misconfiguration What is it? • Missing security hardening or incorrect permissions on app • Unnecessary features/ports are available • Default accounts enabled • Error leakage • Updated security features are left disabled or misconfigured • Insecure configuration in web app or server frameworks • Lack of security headers • Vulnerable components used
Security Misconfiguration (Cont.) How to fix it • Consistent process for server and app hardening o Development o Code review o Configuration o Deployment • Consider minimal server as starting point • Regular consideration of new vulnerabilities • Segmentation of systems to reduce risk • Automated and online server checks

More Related Content

PDF
Data security in the age of GDPR – most common data security problems
byExove
 
PPTX
OWASP Top 10 - 2017 Top 10 web application security risks
byKun-Da Wu
 
PPTX
Top 3 tips for security documentation
byMichael Furman
 
PPTX
Security misconfiguration
byMicho Hayek
 
PDF
MacIT 2014 - Essential Security & Risk Fundamentals
byAlison Gianotto
 
PPTX
Your data is your business: Secure it or Lose it!
byPerformance Tuning Corporation
 
PDF
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
byUlf Mattsson
 
PDF
3 guiding priciples to improve data security
byKeith Braswell
 
Data security in the age of GDPR – most common data security problems
byExove
 
OWASP Top 10 - 2017 Top 10 web application security risks
byKun-Da Wu
 
Top 3 tips for security documentation
byMichael Furman
 
Security misconfiguration
byMicho Hayek
 
MacIT 2014 - Essential Security & Risk Fundamentals
byAlison Gianotto
 
Your data is your business: Secure it or Lose it!
byPerformance Tuning Corporation
 
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
byUlf Mattsson
 
3 guiding priciples to improve data security
byKeith Braswell
 

Similar to Data Exposure And Misconfigurations OWASP

PPTX
Security Misconfiguration.pptx
byKalyani Raut
 
PPTX
A5: Security Misconfiguration
byTariq Islam
 
PDF
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
byAll Things Open
 
PPTX
Privacy Frontline - Level 1 - Module 3.pptx
bytrevor501353
 
PPTX
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
byRyan Elkins
 
PDF
Security .NET.pdf
byAbhi Jain
 
PPT
Security@ecommerce
byOm Vikram Thapa
 
PPTX
Presentation 10.pptx
bymishogelashvili28
 
PPTX
Assessing Your security
byLegal Services National Technology Assistance Project (LSNTAP)
 
PPTX
How to-become-secure-and-stay-secure
byIIMBNSRCEL
 
PDF
TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...
byrmcsoft
 
PPTX
3rd Party Risk: Practical Considerations for Privacy & Security Due Diligence
byResilient Systems
 
PDF
f6_cyber_security_and_your_agency.pdf
bySurendhar57
 
PDF
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
bySteven Meister
 
PPTX
Solnet dev secops meetup
bypbink
 
PDF
Data in the Wild: Survival Guide
byDruva
 
PPTX
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
byDigital Defense Inc
 
PDF
Stay Two Steps Ahead of Your Auditor
byeprentise
 
PPTX
Big data security the perfect storm
byUlf Mattsson
 
PPTX
How Secure Is Your Secure API?
byColin McGovern
 
Security Misconfiguration.pptx
byKalyani Raut
 
A5: Security Misconfiguration
byTariq Islam
 
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
byAll Things Open
 
Privacy Frontline - Level 1 - Module 3.pptx
bytrevor501353
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
byRyan Elkins
 
Security .NET.pdf
byAbhi Jain
 
Security@ecommerce
byOm Vikram Thapa
 
Presentation 10.pptx
bymishogelashvili28
 
Assessing Your security
byLegal Services National Technology Assistance Project (LSNTAP)
 
How to-become-secure-and-stay-secure
byIIMBNSRCEL
 
TechTalks | Software Security 101: What Every Startup Needs to Know to Protec...
byrmcsoft
 
3rd Party Risk: Practical Considerations for Privacy & Security Due Diligence
byResilient Systems
 
f6_cyber_security_and_your_agency.pdf
bySurendhar57
 
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...
bySteven Meister
 
Solnet dev secops meetup
bypbink
 
Data in the Wild: Survival Guide
byDruva
 
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
byDigital Defense Inc
 
Stay Two Steps Ahead of Your Auditor
byeprentise
 
Big data security the perfect storm
byUlf Mattsson
 
How Secure Is Your Secure API?
byColin McGovern
 

Recently uploaded

PDF
The Role of Micro-interactions in Modern Web Design
bydigitalcrafters0810
 
PDF
Network Security Services for Businesses: 5 Simple Ways to Protect Your Network
byPreemptive Technofield
 
DOCX
Get Verified Payeer Accounts_ Complete Payeer Account Verification Guide (202...
byBEST IT SMM
 
PDF
2025 Archive - Zsolt Nemeth web blogging
byZsolt Nemeth
 
PDF
How to Verify Someone from Dating or Marketplace Apps
bySocial Searcher
 
PDF
Modernize everything Microsoft session.pdf
byjeyfox1
 
PDF
Enshittification and the Current State of UX/Product
byAndrew Turnbull
 
PPTX
Victoria University Transcripts
byvgki5qphpa
 
PDF
Dublin Core Metadata : Library’s Digital DNA
byDeepanshu Kumar Yadav
 
PPTX
Universidad Internacional Villanueva Transcripts
bynxv6x4gd42
 
PDF
Top 7 Instagram Monitoring Apps of 2025 – Feature Overview
byMichael Carter
 
The Role of Micro-interactions in Modern Web Design
bydigitalcrafters0810
 
Network Security Services for Businesses: 5 Simple Ways to Protect Your Network
byPreemptive Technofield
 
Get Verified Payeer Accounts_ Complete Payeer Account Verification Guide (202...
byBEST IT SMM
 
2025 Archive - Zsolt Nemeth web blogging
byZsolt Nemeth
 
How to Verify Someone from Dating or Marketplace Apps
bySocial Searcher
 
Modernize everything Microsoft session.pdf
byjeyfox1
 
Enshittification and the Current State of UX/Product
byAndrew Turnbull
 
Victoria University Transcripts
byvgki5qphpa
 
Dublin Core Metadata : Library’s Digital DNA
byDeepanshu Kumar Yadav
 
Universidad Internacional Villanueva Transcripts
bynxv6x4gd42
 
Top 7 Instagram Monitoring Apps of 2025 – Feature Overview
byMichael Carter
 

Data Exposure And Misconfigurations OWASP

  • 1.
    Excessive Data Exposure Whatis it? •Some data has high value e.h. Credit cards, credentials, other personal data, browsing habits, financial information •If this data is not correctly handled by your application, data exposure is a serious risk •Reputational risks if it occurs •Directly vulnerable or caused by poor quality controls •Often secondary to another type of attacks
  • 2.
    Excessive Data Exposure(Cont.) How to fix it? • Take a considered view to data value • Remove data you don't need • Learn about encryption • Encryption is generally lightweight so you use by default • Consider multiple levels of encryption • Do not store encryption keys with data • Use hardware protection of keys where possible • Be careful where you get your advice from!
  • 3.
    Security Misconfiguration What isit? • Missing security hardening or incorrect permissions on app • Unnecessary features/ports are available • Default accounts enabled • Error leakage • Updated security features are left disabled or misconfigured • Insecure configuration in web app or server frameworks • Lack of security headers • Vulnerable components used
  • 4.
    Security Misconfiguration (Cont.) Howto fix it • Consistent process for server and app hardening o Development o Code review o Configuration o Deployment • Consider minimal server as starting point • Regular consideration of new vulnerabilities • Segmentation of systems to reduce risk • Automated and online server checks