1
00:00:00,150 --> 00:00:04,750
We're going to talk about security misconfiguration, which is number six on the top 10.

2
00:00:05,160 --> 00:00:08,150
And you're going to realize you've already seen this a couple of times before.

3
00:00:08,280 --> 00:00:10,020
So we only need to do this one video.

4
00:00:10,020 --> 00:00:15,390
We don't have to do two videos on the topic, so let's talk about security misconfiguration.

5
00:00:15,600 --> 00:00:17,280
Again, kind of like number five.

6
00:00:17,280 --> 00:00:19,260
This is just a big catch-all.

7
00:00:19,440 --> 00:00:23,940
If you misconfigure something in your security, then guess what?

8
00:00:23,940 --> 00:00:26,170
That's a security misconfiguration.

9
00:00:26,280 --> 00:00:28,680
And there's so many different examples of that.

10
00:00:28,680 --> 00:00:32,100
You can see all of them here in example attack scenarios.

11
00:00:32,100 --> 00:00:34,260
But let's talk about some of these.

12
00:00:34,260 --> 00:00:42,510
Like a default credential on a web page. That happens so much, you will not believe. Just today, literally

13
00:00:42,520 --> 00:00:49,900
no, I just, today I was doing a pen test and I came across default credentials on an application.

14
00:00:49,920 --> 00:00:54,510
Those default credentials led to disclosure of sensitive information.

15
00:00:54,660 --> 00:01:02,250
Literally was able to view every single employee and view their employee email addresses, their employee

16
00:01:02,250 --> 00:01:04,530
ID number, their phone number.

17
00:01:04,530 --> 00:01:09,870
There was a lot of sensitive information there that should not have been disclosed, but it was because

18
00:01:10,200 --> 00:01:11,100
guess what?

19
00:01:11,220 --> 00:01:12,780
Default username and password.

20
00:01:13,050 --> 00:01:17,880
And we've talked about this before in the earlier videos when we were doing the mid-course capstone, but

21
00:01:17,880 --> 00:01:20,300
this is just something that you see so much.
22
00:01:20,310 --> 00:01:22,060
I see it all the time.

23
00:01:22,170 --> 00:01:27,260
I've seen things like Cisco/Cisco on a router, and that allowed access into a network.

24
00:01:27,270 --> 00:01:27,880
Right?

25
00:01:27,900 --> 00:01:32,040
So there's a lot of different little things like this. Where you find an application, you should always

26
00:01:32,040 --> 00:01:34,620
be checking for default credentials.

27
00:01:34,620 --> 00:01:36,600
Another one: stack traces.

28
00:01:36,630 --> 00:01:36,990
OK.

29
00:01:36,990 --> 00:01:37,680
Error handling.

30
00:01:37,680 --> 00:01:39,510
We've already seen that happen.

31
00:01:39,600 --> 00:01:44,490
If you think about the error handling when we tried the SQL injection, we put in that single quote,

32
00:01:44,930 --> 00:01:50,010
it threw an error. Your application should not be throwing errors, right?

33
00:01:50,010 --> 00:01:56,760
You should eliminate any sort of stack tracing, you should eliminate any sort of default credentials,

34
00:01:56,760 --> 00:01:57,380
right?

35
00:01:57,540 --> 00:01:58,130
You.

36
00:01:58,150 --> 00:02:06,150
And it says in here, you know, unnecessary features are enabled or installed, even like applications that

37
00:02:06,150 --> 00:02:12,870
are left behind, or you're able to navigate to source code, you're able to see files that you shouldn't

38
00:02:12,870 --> 00:02:20,220
be able to see, you know. Or sometimes applications come with, you know, certain features,

39
00:02:20,250 --> 00:02:24,530
but they're just default features and you're not using all of them, but you didn't disable them.

40
00:02:24,540 --> 00:02:26,760
Well, maybe those have vulnerabilities in them as well.

41
00:02:26,760 --> 00:02:31,000
And that would be considered a security misconfiguration.

42
00:02:31,020 --> 00:02:34,120
So again, at the bottom it says software out of date or vulnerable.

43
00:02:34,530 --> 00:02:36,680
Yes, that is part of it.
44
00:02:36,690 --> 00:02:42,420
But as it says here, using components with known vulnerabilities really falls into number nine.

45
00:02:42,420 --> 00:02:44,130
So we'll talk about that in a little bit.

46
00:02:44,670 --> 00:02:50,760
But again, this is a big catch-all where if somebody makes a security misconfiguration, which

47
00:02:50,760 --> 00:02:54,930
happens all the time, then we're going to take advantage of it.

48
00:02:54,930 --> 00:02:55,280
Right?

49
00:02:55,710 --> 00:02:58,830
So it talks here about the preventive measures.

50
00:02:58,830 --> 00:03:04,260
And it really just depends on the certain scenario. Like, you should be using best practices when you're

51
00:03:04,260 --> 00:03:10,770
installing things. Don't install, you know, make sure things are not installed on your systems that you

52
00:03:10,770 --> 00:03:11,310
don't need.

53
00:03:11,310 --> 00:03:15,450
You don't have any unnecessary ports open or accounts activated.

54
00:03:15,540 --> 00:03:18,680
You're not using default credentials on your web pages.

55
00:03:18,750 --> 00:03:24,000
You're not allowing for stack traces or more verbose error messaging.

56
00:03:24,000 --> 00:03:28,950
There's a lot of different things out there that you could do, but you need to make sure that your security

57
00:03:28,980 --> 00:03:30,410
is intact.

58
00:03:30,480 --> 00:03:32,660
And this one's really hard to do, right?

59
00:03:32,660 --> 00:03:34,120
Like, it sounds like,

60
00:03:34,160 --> 00:03:34,760
OK,

61
00:03:34,770 --> 00:03:40,110
we've got some things that we can work on. That's kind of the whole point of a pen test: to find the

62
00:03:40,110 --> 00:03:41,460
security misconfiguration.

63
00:03:41,460 --> 00:03:45,770
So a lot of the things that you're going to uncover are going to be a part of this.

64
00:03:45,780 --> 00:03:50,390
So we've talked about one that we've already seen, which is the error handling we did with the SQL injection.
65
00:03:50,520 --> 00:03:56,910
Well, another one that we've already seen and achieved on our scoreboard is the deprecated interface.

66
00:03:56,970 --> 00:03:59,490
So that is the file upload.

67
00:03:59,490 --> 00:04:05,730
We were not supposed to be able to upload a file, and we were able, or an Excel file.

68
00:04:05,730 --> 00:04:06,000
Right?

69
00:04:06,000 --> 00:04:08,350
Remember, it was only zip, it was only PDF.

70
00:04:08,670 --> 00:04:15,540
Well, we uploaded the Excel file, and that is a complete bypass of this.

71
00:04:15,540 --> 00:04:18,210
That's a great security misconfiguration.

72
00:04:18,210 --> 00:04:20,120
If we're able to bypass that.

73
00:04:20,220 --> 00:04:20,930
Right?

74
00:04:20,970 --> 00:04:23,280
So that falls under this bucket as well.

75
00:04:23,280 --> 00:04:24,980
So again, another catch-all.

76
00:04:25,320 --> 00:04:30,270
But when you are asked in the interview, you can talk about these things again: the default credentials,

77
00:04:30,270 --> 00:04:38,880
the stack traces, you know, directories or parts of applications left behind, unnecessary ports open, unnecessary

78
00:04:38,880 --> 00:04:44,550
accounts or privileges, etc. And that should really help you out when you're actually in the interview

79
00:04:44,550 --> 00:04:47,970
process. So from here, that is it.

80
00:04:47,970 --> 00:04:53,460
We're going to move on to one of my favorites, which is cross-site scripting. So I'll catch you over in

81
00:04:53,450 --> 00:04:57,810
the next video and we start talking about what that is and the different types of cross-site scripting.