From the course: OWASP Top 10: #5 Security Misconfiguration and #6 Vulnerable and Outdated Components
Real-world example #1: Equifax breach 2017
- [Narrator] Equifax is an American credit monitoring company. It uses sensitive financial and personal information to calculate credit scores, which are then used by individuals trying to obtain a loan. In the 2017 Equifax breach, nearly 150 million records were stolen. Compromised information included social security number, date of birth, address, and credit report information. Additionally, more than 200,000 credit card numbers were also breached in the attack. This type of information is pretty much exactly what a bad actor needs to commit identity theft. How did this happen? Unfortunately, Equifax was using vulnerable and outdated software components. And these were exploited by malicious hackers. The specific vulnerable software component involved in the breach is an open source component called Apache Struts. This particular vulnerability could be leveraged to perform RCE, or remote code execution. Remote…
Contents
- What are vulnerable and outdated components? (1m 44s)
- Real-world example #1: Equifax breach 2017 (2m 4s)
- Real-world example #2: Target breach 2013 (1m 50s)
- Prevention technique #1: Remove unnecessary features (1m 55s)
- Prevention technique #2: Continuous inventory management (2m 5s)
- Prevention technique #3: Leverage virtual patching (2m 36s)