Simple configuration mistakes when setting up applications or frameworks can have a large impact on security. In order to help developers get started and provide tools for debugging, many frameworks provide defaults that allow for easy access and insight into application internals when errors occur.
As a key step in preparing for production deployment, a separate production configuration with secure settings should be maintained. If this is neglected, an attacker may be able to gain direct access to sensitive data or execute code in the application production environment.
The popular NoSQL database, MongoDB, is ranked the 5th most popular database server as of March 2018.
Until recently, the database shipped with a default configuration that opened up the database without any authentication to anyone with network access to the database host. This resulted in the exposure and subsequent hacking of more than 28,000 servers towards the end of 2017. Attackers deleted their targets data and demanded a ransom to be paid in return of the data.
The best defence against security misconfiguration attacks is a thorough review of the application and framework configuration. Our approach is to research configuration best practices specific to the application or framework and keep track of the latest findings in security incidents, such as in the MongoDB case.
More useful information may be found at:
We provide code security reviews as a service. Based on our extensive experience in the field of sofware engineering and IT security, we know how to efficiently review entire code bases and identify security critical parts of the software.
This enables us to provide our security code review service at a fixed rate per review, providing our customers a transparent, efficient and reliable process.
Fixed Price per Review
Our code security review service is in popular demand.
Next spots are available in July 2019.