Lesson 3: Security Misconfiguration, Sensitive Data Exposure, Function Access Control
The third lesson of this E-Commerce Security Course covers the following:
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Access Control
This lesson is conducted in partnership with Isaac Sabas and Jonathan Mantua of Pandora Security Labs, which offers advanced IT security training and provides WebRanger, an online security monitoring and attack blocking service.
(Should you encounter a “secure connection failed” message in any of the embedded videos, just click on the “try again” button to load it.)
WARNING: STUDENTS PARTICIPATING IN THIS PROGRAM SHOULD USE THE KNOWLEDGE AND INSIGHTS GAINED IN A RESPONSIBLE MANNER. Probing and attacking websites, whether successful or not, is a CYBERCRIME and will make you liable under the E-Commerce Law, CyberCrime Law, and Data Privacy Law.
Security Misconfiguration
Sensitive Data Exposure
Missing Function Access Control
Resources:
- Testing site: Secure Savings Bank
- WebGoat
- OWASP 2013 Top 10 List