Which of the following threat types can occur when baselines are not appropriately applied or when unauthorized changes are made?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
Security misconfigurations occur when applications and systems are not properly configured or maintained in a secure manner.
This can be due to a shortcoming in security baselines or configurations, unauthorized changes to system configurations, or a failure to patch and upgrade systems as the vendor releases security patches.
Insecure direct object references occur when code references aspects of the infrastructure, especially internal or private systems, and an attacker can use that knowledge to glean more information about the infrastructure.
Unvalidated redirects and forwards occur when an application has functions to forward users to other sites, and these functions are not properly secured to validate the data and redirect requests, allowing spoofing for malware or phishing attacks.
Sensitive data exposure occurs when an application does not use sufficient encryption and other security controls to protect sensitive application data.
The correct answer is A. Security misconfiguration.
Security misconfiguration is a type of threat that occurs when system components or software are not configured to adhere to the security policies and best practices. It can happen due to various reasons, such as lack of expertise, insufficient time, or improper understanding of the security requirements.
Baselines are an essential aspect of security configuration, as they define the standard configuration of a system or software that meets the security requirements. The baselines may include settings related to access control, authentication, encryption, logging, and other security-related features.
When baselines are not appropriately applied, or unauthorized changes are made, it can lead to security misconfiguration. For example, if a system has a baseline that specifies the use of strong passwords and multi-factor authentication, but the administrator fails to apply these settings or allows weaker passwords, it can result in security vulnerabilities.
Security misconfiguration can have severe consequences, such as data breaches, system downtime, or unauthorized access. Therefore, it is essential to ensure that security baselines are appropriately applied and maintained. Regular security assessments and audits can help identify and remediate security misconfigurations before they are exploited by attackers.
Insecure direct object references, unvalidated redirects and forwards, and sensitive data exposure are other types of security threats, but they are not directly related to baselines or security configuration.
Insecure direct object references occur when an attacker can access or manipulate sensitive data or resources by directly referencing them without proper authorization.
Unvalidated redirects and forwards are vulnerabilities that allow attackers to redirect users to malicious websites or steal sensitive information by manipulating the URLs or parameters of a legitimate website.
Sensitive data exposure is the disclosure of confidential information, such as passwords, credit card numbers, or personal data, due to poor security practices, vulnerabilities, or human error.