In this post, you will see an example of security misconfiguration which is one of the top 10 security vulnerabilities as per OWASP top 10 security vulnerabilities.
Here is what security misconfiguration means?
Attackers will often attempt to exploit unpatched flaws or access default accounts, unused pages, unprotected files and directories, etc to gain unauthorized access or knowledge of the system. In this post, you will see the example of unauthorized knowledge of the system.
Security Misconfiguration Example
This morning, I was checking the Upwork.com when I saw this message when I tried to login. Take a look at exceptions and stack trace.
Using the above, I could extract some of the following information in relation to software stack used for building Upwork and design one or more attack vector for hacking purpose.
- Java is used in the backend
- Jetty server looks to be used
- Netflix Hystrix is used for latency and fault tolerance
- Usage of some of the following jar files
- Online US Degree Courses & Programs in AI / Machine Learning - May 29, 2023
- AIC & BIC for Selecting Regression Models: Formula, Examples - May 28, 2023
- Azure OpenAI Service Details & Pricing Info - May 27, 2023
Leave a Reply