Security Misconfiguration

Hi, in this post we will see how security misconfiguration works and how it can be used.

The security misconfiguration in Extreme Vulnerable Node Application (XVNA) is an exposed stack trace, which should not be shown to the user because it may lead to other attacks.


If an attacker can learn which code, language and server are in use, attacking the application becomes easier.

We can see the attack in the video below.

Extreme Vulnerable Node Application is available on GitHub at https://github.com/vegabird/xvna; you can download it and test it on your localhost.

Prevention:

Security misconfiguration can be prevented by using a suitable configuration at the server level and proper validation at the code level, so that unwanted errors are not thrown to the user.
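
One way to apply the prevention advice above, as an added example (not code from XVNA or from the original post): an error handler that echoes the stack trace, beside one that logs it server-side and returns only a generic message. It assumes an Express-style `(err, req, res, next)` error handler; `stubResponse`, `simulate` and `leaksInternals` are hypothetical helpers so the example runs without a server.

```javascript
// Assumption: the app uses Express-style error middleware (err, req, res, next).
// BEFORE: echoes the stack trace to the client (the misconfiguration).
function verboseErrorHandler(err, req, res, next) {
  res.status(500).send(err.stack);
}

// AFTER: full detail goes to the server log; the client gets a generic
// message plus a reference id that can be matched against the log.
function safeErrorHandler(log) {
  return function (err, req, res, next) {
    // Correlation id only, not a secret, so Math.random is acceptable here.
    const ref = Date.now().toString(36) + Math.random().toString(36).slice(2, 8);
    log({ ref, url: req.url, stack: err.stack });
    res.status(500).send(JSON.stringify({ error: 'Internal Server Error', ref }));
  };
}

// Regression check: does a response body reveal stack frames or source paths?
function leaksInternals(body) {
  return /\n\s+at .+:\d+:\d+/.test(body) || /node_modules|\.js:\d+/.test(body);
}

// Minimal stand-in for an Express response object (constructed for this demo).
function stubResponse() {
  return {
    statusCode: 200, body: '',
    status(code) { this.statusCode = code; return this; },
    send(body) { this.body = String(body); return this; },
  };
}

// Run one handler against a constructed failure; return what the client sees.
function simulate(handler) {
  const res = stubResponse();
  try {
    JSON.parse('{bad json'); // constructed input that throws a SyntaxError
  } catch (err) {
    handler(err, { url: '/demo' }, res, () => {});
  }
  return res;
}

const serverLog = [];
const before = simulate(verboseErrorHandler);
const after = simulate(safeErrorHandler((entry) => serverLog.push(entry)));
console.log('verbose handler leaks internals:', leaksInternals(before.body));
console.log('safe handler leaks internals:', leaksInternals(after.body), after.body);
```

A check like `leaksInternals` can be run over error responses in an integration test so that a later configuration change that re-enables verbose errors is caught before release.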
