OWASP Security Misconfiguration Example – Infosys Career Website

The article presents an example of “Security Misconfiguration” vulnerability that was found on Infosys career website. It could be noted that security misconfiguration is considered as one of the OWASP top 10 security vulnerabilities.

The vulnerability was found with Careers web application of Infosys, which can be accessed at https://careers.infosys.com/.

So, how to fix it?

Following are different possible solutions to fix this vulnerability:

  • Provide an error page and do the appropriate configuration such that the error page is displayed if someone tries access unauthorized page like above.
  • Create a set of thin UI pages and integrate it with SAP Netweaver back end using REST. This way, one will never know about SAP backend at all.
  • Create a web MVC application and integrate it with SAP Netweaver the backend.

[adsenseyu1]

Ajitesh Kumar
Follow me
Latest posts by Ajitesh Kumar (see all)

Ajitesh Kumar

I have been recently working in the area of Data analytics including Data Science and Machine Learning / Deep Learning. I am also passionate about different technologies including programming languages such as Java/JEE, Javascript, Python, R, Julia, etc, and technologies such as Blockchain, mobile computing, cloud-native technologies, application security, cloud computing platforms, big data, etc. For latest updates and blogs, follow us on Twitter. I would love to connect with you on Linkedin. Check out my latest book titled as First Principles Thinking: Building winning products using first principles thinking
Posted in Application Security. Tagged with , .

Leave a Reply

Your email address will not be published.

Time limit is exhausted. Please reload the CAPTCHA.