Rewire with Susan

Common security vulnerabilities (Part 2)

February 16, 2021 Season 2 Episode 11
Chapters

0:22 - Welcome!!

0:33 - Short recap from last week

0:56 - Please share your feedback about the podcast in this Google form

1:10 - SQL Injection

  • Injecting malicious SQL statements into the database through the user input
  • 2:23 - How to prevent
    • Treat user input as untrusted - Filter and validate

2:43 - Security misconfiguration

  • Happens when a part of your web application is defenseless against attack
    • Using default credentials
    • Allowing users to have access to information about the application through the stack trace
  • 4:18 - How to prevent
    • Don't overshare information
    • Have a minimal footprint for the different components of your application
    • Don't keep default accounts, files, or directories

5:14 - Broken authentication

  • Happens when an attacker masquerades as a user through different means
    • Credential stuffing: using known breached accounts
    • Automated attacks: using random credentials
    • Default (lazy) credentials
    • Stolen session IDs
  • 8:46 - How to prevent
    • The web server could be used to create unique session IDs different from the ones created by the browser
    • Add a limit to failed logins
    • Multi-factor authentication
    • Password complexity
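Added example, not from the episode: a small Python login function that puts three of the tips above into code at once. The database lookup is a parameterised query (the SQL Injection tip: user input is bound as data, never spliced into the statement), a failed-login counter locks the account after a threshold (the "limit to failed logins" tip), and the session ID is minted on the server from a CSPRNG rather than taken from the client (the "unique session IDs" tip). The threshold of 5, the in-memory SQLite table and the "alice" account are constructed for the demo.

```python
import hashlib
import secrets
import sqlite3

MAX_FAILED_LOGINS = 5  # assumed policy: lock the account after 5 consecutive failures
PBKDF2_ROUNDS = 100_000


def setup_db():
    """Constructed in-memory user table with one sample account (demo data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB, failed INTEGER)")
    salt = secrets.token_bytes(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, PBKDF2_ROUNDS)
    conn.execute("INSERT INTO users VALUES (?, ?, ?, 0)", ("alice", salt, pw_hash))
    return conn


def login(conn, username, password):
    """Return a server-generated session ID on success, None on any failure."""
    # Parameterised query: the username is bound as a value, so input such as
    # "' OR 1=1 --" is compared literally against the name column and matches no row.
    row = conn.execute(
        "SELECT salt, pw_hash, failed FROM users WHERE name = ?", (username,)
    ).fetchone()
    if row is None:
        return None  # unknown user: same answer as a bad password, no account enumeration
    salt, pw_hash, failed = row
    if failed >= MAX_FAILED_LOGINS:
        return None  # locked: the failed-login limit blunts stuffing and random guessing
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    if not secrets.compare_digest(candidate, pw_hash):
        conn.execute("UPDATE users SET failed = failed + 1 WHERE name = ?", (username,))
        return None
    conn.execute("UPDATE users SET failed = 0 WHERE name = ?", (username,))
    # Session ID chosen by the server from a CSPRNG, never derived from anything the client sent.
    return secrets.token_urlsafe(32)


def failed_count(conn, username):
    """Helper for inspection: current consecutive-failure counter for a user."""
    row = conn.execute("SELECT failed FROM users WHERE name = ?", (username,)).fetchone()
    return row[0] if row else None
```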

