Security Misconfiguration is not limited in scope to the application code itself. Improperly secured operating systems, web server applications, and databases all contribute to the overall attack surface.
This lab presents a challenge in the Insta Friends cyber range in which an Integer Overflow vulnerability in the Messaging functionality is exploited, which in turn reveals a Security Misconfiguration vulnerability.
Learning Objectives
On successful completion of this course, learners should have the knowledge and skills required to:
- Understand how probing an application’s use of numeric object IDs can reveal a variety of vulnerabilities, including Integer Overflow
- Recognize how Security Misconfiguration can disclose sensitive information about an application’s implementation, including whether the application Uses Components with Known Vulnerabilities