WEBVTT

00:00.660 --> 00:09.090
Developers and I.T. staff usually ensure functionality in favor of security. Configurations done at the

00:09.360 --> 00:16.980
application level, server level and other devices need to be in line with the security requirements.

00:16.980 --> 00:24.150
Most of the security requirements get missed unless identified by hackers.

00:24.240 --> 00:31.020
Examples of security misconfigurations are directory listing, which is available on many of

00:31.020 --> 00:32.100
the websites.

00:32.190 --> 00:38.340
Default error messages, default passwords, weak passwords, default scripts, etc.

00:38.700 --> 00:45.810
Let us see an example here of an error that has been thrown to a user on the web server.

00:45.810 --> 00:52.070
It obviously tells us that this application is using Microsoft Access.

00:52.080 --> 01:00.270
Another example obviously tells us that the application is using Oracle database.

01:00.270 --> 01:06.720
Some of the tips on how to protect ourselves from security misconfigurations are to always follow a

01:06.720 --> 01:15.750
hardening process for both hardware and applications; ensure that default settings such as default passwords

01:15.780 --> 01:24.900
are changed; only install the required features and frameworks on a server; and make it a habit to review

01:24.900 --> 01:30.270
the security of your configurations at regular intervals.
