WEBVTT

00:00:00.000 --> 00:00:07.270 align:middle line:90%


00:00:07.270 --> 00:00:11.030 align:middle line:84%
Welcome to Security
Misconfiguration session.

00:00:11.030 --> 00:00:14.720 align:middle line:84%
In this first part, we will
focus on threat analysis.

00:00:14.720 --> 00:00:16.490 align:middle line:84%
We will take our
time to discuss how

00:00:16.490 --> 00:00:18.860 align:middle line:84%
security misconfigurations
compromise application

00:00:18.860 --> 00:00:19.940 align:middle line:90%
security.

00:00:19.940 --> 00:00:22.700 align:middle line:84%
Then we will discuss how
the system can be harmed,

00:00:22.700 --> 00:00:25.040 align:middle line:84%
the impact of the
successful exploitation,

00:00:25.040 --> 00:00:27.200 align:middle line:84%
and give you some
insights to identify who

00:00:27.200 --> 00:00:29.670 align:middle line:90%
may want to harm your system.

00:00:29.670 --> 00:00:32.850 align:middle line:84%
Security misconfiguration
is a very broad category.

00:00:32.850 --> 00:00:34.800 align:middle line:84%
By definition, a
misconfiguration

00:00:34.800 --> 00:00:37.540 align:middle line:84%
is an incorrect or
inappropriate configuration.

00:00:37.540 --> 00:00:40.290 align:middle line:84%
But security-wise, these
incorrect or inappropriate

00:00:40.290 --> 00:00:42.780 align:middle line:84%
configurations lower
system resilience,

00:00:42.780 --> 00:00:45.480 align:middle line:84%
increasing the
overall security risk.

00:00:45.480 --> 00:00:48.720 align:middle line:84%
Things like enabled directory
listing, publicly accessible

00:00:48.720 --> 00:00:52.260 align:middle line:84%
system logs, or unhandled
errors with overly informative

00:00:52.260 --> 00:00:54.930 align:middle line:90%
messages fit in this category.

00:00:54.930 --> 00:00:56.820 align:middle line:84%
All of them tend
to give attackers

00:00:56.820 --> 00:00:59.100 align:middle line:84%
insights about system
internals, making

00:00:59.100 --> 00:01:01.590 align:middle line:90%
further exploitation easier.

00:01:01.590 --> 00:01:04.560 align:middle line:84%
Instead of searching for
a zero-day vulnerability,

00:01:04.560 --> 00:01:07.080 align:middle line:84%
attackers tend to take
the short path first,

00:01:07.080 --> 00:01:09.060 align:middle line:90%
searching for known issues.

00:01:09.060 --> 00:01:12.140 align:middle line:84%
This approach has
proved to be fruitful.

00:01:12.140 --> 00:01:14.810 align:middle line:84%
Most applications, such
as database servers,

00:01:14.810 --> 00:01:17.420 align:middle line:84%
have default accounts with
administrative privileges

00:01:17.420 --> 00:01:19.830 align:middle line:90%
to allow the initial setup.

00:01:19.830 --> 00:01:22.110 align:middle line:84%
Not removing such
accounts leaves the door

00:01:22.110 --> 00:01:24.090 align:middle line:90%
wide open to attackers.

00:01:24.090 --> 00:01:28.500 align:middle line:84%
Sometimes special pages are
used to automate specific tasks.

00:01:28.500 --> 00:01:30.900 align:middle line:84%
Graphical installers
are a good example.

00:01:30.900 --> 00:01:34.020 align:middle line:84%
They are intended to be
used once and then removed.

00:01:34.020 --> 00:01:36.000 align:middle line:84%
But quite often, they
get deployed along

00:01:36.000 --> 00:01:37.650 align:middle line:90%
with the application.

00:01:37.650 --> 00:01:41.170 align:middle line:84%
Enabled directory listings
or publicly accessible files

00:01:41.170 --> 00:01:43.440 align:middle line:84%
such as system
logs or backups are

00:01:43.440 --> 00:01:47.010 align:middle line:84%
easy to find even without
touching the application.

00:01:47.010 --> 00:01:50.130 align:middle line:84%
The most common consequence
of security misconfigurations

00:01:50.130 --> 00:01:52.500 align:middle line:84%
is the unauthorized
access to some system data

00:01:52.500 --> 00:01:53.820 align:middle line:90%
or functionality.

00:01:53.820 --> 00:01:56.700 align:middle line:84%
Depending on exposed data
or functionality nature,

00:01:56.700 --> 00:01:59.280 align:middle line:90%
exploitation may become easier.

00:01:59.280 --> 00:02:01.500 align:middle line:84%
Occasionally, security
misconfigurations

00:02:01.500 --> 00:02:04.110 align:middle line:84%
allow attackers to get
control over the system.

00:02:04.110 --> 00:02:06.720 align:middle line:84%
Firewall or remote
access misconfigurations

00:02:06.720 --> 00:02:10.389 align:middle line:84%
are good candidates to
make the system vulnerable.

00:02:10.389 --> 00:02:12.370 align:middle line:84%
Finding security
misconfigurations

00:02:12.370 --> 00:02:14.770 align:middle line:84%
can be done without
touching the application.

00:02:14.770 --> 00:02:17.440 align:middle line:84%
Using a search engine
may be enough to identify

00:02:17.440 --> 00:02:21.130 align:middle line:84%
exposed directories or files,
such as system logs or database

00:02:21.130 --> 00:02:22.150 align:middle line:90%
backups.

00:02:22.150 --> 00:02:25.990 align:middle line:84%
Non-tech threat agents, such
as competitors or activists,

00:02:25.990 --> 00:02:27.850 align:middle line:84%
may follow this
approach to get access

00:02:27.850 --> 00:02:30.070 align:middle line:84%
to your system details
or business secrets

00:02:30.070 --> 00:02:31.900 align:middle line:90%
without much effort.

00:02:31.900 --> 00:02:34.660 align:middle line:84%
You'll find this table
in the OWASP Top 10.

00:02:34.660 --> 00:02:37.960 align:middle line:84%
Pause the video, and take your
time to carefully read it.

00:02:37.960 --> 00:02:41.380 align:middle line:84%
In the next part, we will review
some security misconfigurations

00:02:41.380 --> 00:02:44.410 align:middle line:84%
in our target application
found in previous sessions

00:02:44.410 --> 00:02:47.880 align:middle line:84%
while exploiting
other vulnerabilities.

00:02:47.880 --> 00:02:49.000 align:middle line:90%