Application Security

Security Misconfiguration Example – Upwork

In this post, you will see an example of security misconfiguration which is one of the top 10 security vulnerabilities as per OWASP top 10 security vulnerabilities.

Here is what security misconfiguration means?

Attackers will often attempt to exploit unpatched flaws or access default accounts, unused pages, unprotected files and directories, etc to gain unauthorized access or knowledge of the system. In this post, you will see the example of unauthorized knowledge of the system.

Security Misconfiguration Example

This morning, I was checking the Upwork.com when I saw this message when I tried to login. Take a look at exceptions and stack trace.

Fig 1. Stacktrace of Exceptions

Using the above, I could extract some of the following information in relation to software stack used for building Upwork and design one or more attack vector for hacking purpose.

  • Java is used in the backend
  • Jetty server looks to be used
  • Netflix Hystrix is used for latency and fault tolerance
  • Usage of some of the following jar files
    • httpcore.jar
    • httpclient.jar
    • dropwizard-client.jar
    • jersey-client
    • guice-servlet

Ajitesh Kumar

I have been recently working in the area of Data analytics including Data Science and Machine Learning / Deep Learning. I am also passionate about different technologies including programming languages such as Java/JEE, Javascript, Python, R, Julia, etc, and technologies such as Blockchain, mobile computing, cloud-native technologies, application security, cloud computing platforms, big data, etc. I would love to connect with you on Linkedin. Check out my latest book titled as First Principles Thinking: Building winning products using first principles thinking.

Share
Published by
Ajitesh Kumar

Recent Posts

Agentic Reasoning Design Patterns in AI: Examples

In recent years, artificial intelligence (AI) has evolved to include more sophisticated and capable agents,…

2 months ago

LLMs for Adaptive Learning & Personalized Education

Adaptive learning helps in tailoring learning experiences to fit the unique needs of each student.…

2 months ago

Sparse Mixture of Experts (MoE) Models: Examples

With the increasing demand for more powerful machine learning (ML) systems that can handle diverse…

2 months ago

Anxiety Disorder Detection & Machine Learning Techniques

Anxiety is a common mental health condition that affects millions of people around the world.…

3 months ago

Confounder Features & Machine Learning Models: Examples

In machine learning, confounder features or variables can significantly affect the accuracy and validity of…

3 months ago

Credit Card Fraud Detection & Machine Learning

Last updated: 26 Sept, 2024 Credit card fraud detection is a major concern for credit…

3 months ago