From the course: Complete Guide to Application Security
Configuration security
- [Instructor] Application security isn't just about writing secure code. It's about making sure your app and its environment are configured in a way that maximizes security. This is where security misconfigurations come into play. Misconfigurations can be anything from leaving unnecessary features enabled, keeping default accounts with their original passwords, or even having network ports open that shouldn't be. These might seem like small oversights, but they can be an open invitation to attackers. Think of it like this. You wouldn't leave your front door wide open with a sign that says, "Welcome, come on in," right? That's essentially what some of these misconfigurations allow attackers to do. To give you an idea of how widespread this issue is, misconfigurations map to about 20 CWEs, and a staggering 90% of applications tested in recent studies had at least one misconfiguration flaw. One common example is overly verbose error messages. These can leak sensitive information, like…
Contents
- OWASP Top 10: The most critical risks (3m 29s)
- Broken access control (6m 47s)
- Demo: Implementing strong access controls (5m 10s)
- Injection attacks (5m 7s)
- Demo: SQL injection attack and mitigation (9m 49s)
- Configuration security (5m 39s)
- Secure by design (6m 32s)