Vulnerability Scanning for Security Misconfiguration Flashcards
Why is it important to perform a vulnerability scan only after the API-usage/reverse-engineering phase?
Because running a scan could trigger a security control that blocks the connection, preventing the attacker from performing any further tests.
The most common outcome of a vulnerability scan is the false negative. How could this affect a company?
It can create a false sense of security, because vulnerabilities that are present were not reported by the scanner.
Is a vulnerability scanner good to find security misconfigurations? What can a security misconfiguration include?
Yes, it is a good tool for that purpose. A security misconfiguration can include missing system patches, unprotected files, weak security headers, lack of encryption in transit, CORS policy misconfiguration, and verbose error messages.