App Misconfigurations Are a Growing Security Threat That Endangers Passwords

Many retailers are shifting from simple websites to so-called web apps, that is, websites with the functionality of desktop or mobile applications. Unfortunately, the growing demand for web apps and their expanding functionality push developers to work faster and rely more on third-party services, which results in misconfigurations and mistakes that can create vulnerabilities. A weakness in an app could allow hackers to breach a system. As you might already know, security breaches threaten the safety of passwords and other sensitive customer data, which is why app misconfiguration is becoming a serious problem. In this article, we discuss app misconfiguration, what companies should do to secure their apps, and how users can protect themselves. If there is anything you would like to ask after reading our blog post, feel free to use our comments section.

App or security misconfiguration is defined as either a failure to implement security controls for a web application or a failure to implement them correctly. According to, it is a widespread problem and can occur in various apps. Specialists say that the three most common misconfigurations are: default configurations that have not been changed for a long time, unfinished configurations that were supposed to be temporary, and configurations that are based on wrong assumptions about the app’s network behavior and connectivity requirements. They can lead to unnecessary administration ports that could help an attacker gain unauthorized access, outbound connections to multiple Internet services that could result in unwanted app behavior, and the ability for hackers to communicate with an app while mimicking another application that might not exist anymore.

Most importantly, these configuration errors can result in security breaches that threaten passwords, payment information, and other sensitive data, putting users' privacy at risk. Of course, it is not just users who suffer from such incidents. Companies that experience data breaches might lose their customers' confidence, their reputation, and money. Thus, avoiding misconfigurations and ensuring app security might help retailers keep their customers happy and avoid financial losses. Data breaches can be extremely costly, depending on how much and what kind of data gets leaked. According to IBM’s report, the average total cost of a data breach is 3.86 million US dollars.

Why is app misconfiguration a growing threat?

According to Verizon’s report, web application weaknesses were exploited in 43 percent of the data breaches that occurred in 2018. That is twice as many cases of data breaches involving app misconfiguration as there were in 2017. Consequently, app misconfiguration made it onto the list of the top five methods used in the data breaches Verizon researched. It means that cybercriminals are starting to exploit configuration errors as often as they employ phishing and hacking, which remain the most common methods. Thus, it is becoming evident that app misconfiguration is a growing threat and that companies need to pay more attention to app security.

What should companies do to try to avoid app misconfiguration?

Specialists say that in order to avoid configuration errors and ensure app security, developers must perfectly understand an application’s behavior so that it would be easier to determine how it should not behave and what might be excessive. Even so, there is always a risk that human error might occur. To eliminate it, specialists advise using advanced technology and automation tools. Most importantly, it is vital not to forget that technologies change fast, and what was considered safe a year ago might now be a liability. Thus, reviewing app configuration and looking for weaknesses is a must. Also, researchers notice that retailers are taking too long to patch vulnerabilities, and cybercriminals are aware of it. Therefore, companies need to prioritize such tasks more if they want to avoid weaknesses in their apps that could lead to data breaches.
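One way to automate the configuration review recommended above, checking for the three misconfiguration classes this article lists (an added example, not from the original article; the config layout, field names, default-credential list and 180-day threshold are hypothetical):

```python
import json
from datetime import date

# Constructed sample: a hypothetical app deployment config (not a real product's format).
SAMPLE_CONFIG = json.loads("""
{
  "admin": {"username": "admin", "password": "admin", "port": 8443, "bind": "0.0.0.0"},
  "rules": [
    {"name": "debug-endpoint", "temporary": true, "expires": "2020-01-31"},
    {"name": "health-check", "temporary": false}
  ],
  "outbound": ["*", "payments.example.com"],
  "trusted_peers": [
    {"name": "legacy-billing", "last_seen": "2019-03-02"},
    {"name": "inventory", "last_seen": "2020-10-01"}
  ]
}
""")

DEFAULT_CREDS = {("admin", "admin"), ("admin", "password"), ("root", "root")}

def audit(cfg, today, stale_days=180):
    """Return a list of (category, detail) findings for one config."""
    findings = []
    admin = cfg.get("admin", {})
    # 1. Defaults that were never changed.
    if (admin.get("username"), admin.get("password")) in DEFAULT_CREDS:
        findings.append(("default", "admin interface uses default credentials"))
    # Consequence named in the text: an administration port reachable from anywhere.
    if admin.get("bind") in ("0.0.0.0", "::"):
        findings.append(("exposure", f"admin port {admin.get('port')} listens on all interfaces"))
    # 2. "Temporary" settings that have no expiry or have outlived it.
    for rule in cfg.get("rules", []):
        if rule.get("temporary"):
            exp = rule.get("expires")
            if exp is None or date.fromisoformat(exp) < today:
                findings.append(("unfinished", f"temporary rule '{rule['name']}' is still active"))
    # 3. Wrong connectivity assumptions: wildcard egress and peers that no longer exist.
    if "*" in cfg.get("outbound", []):
        findings.append(("assumption", "outbound allow-list contains a wildcard"))
    for peer in cfg.get("trusted_peers", []):
        age = (today - date.fromisoformat(peer["last_seen"])).days
        if age > stale_days:
            findings.append(("assumption", f"trusted peer '{peer['name']}' not seen for {age} days"))
    return findings

if __name__ == "__main__":
    for category, detail in audit(SAMPLE_CONFIG, date(2020, 10, 12)):
        print(f"[{category}] {detail}")
```

Running a check like this on every deployment, rather than once, is what catches the "temporary" rule or the retired peer that a one-time review would have accepted as valid.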

How can you stay safe as a user while using web apps?

An app’s security depends on its developers. Thus, we recommend choosing apps from companies that prioritize cybersecurity and user safety. Of course, data breaches are difficult to avoid, and no company is safe, no matter how much it invests in cybersecurity. Therefore, the best thing you can do is be prepared for data leaks. How can you do that? First, we recommend following cybersecurity news so that you would learn about a data breach the minute the word about the incident gets out.

Further actions depend on what kind of data got leaked. For example, if it was your account's password, you should change it at once. Needless to say, adding a couple of numbers or characters to the old password will not make any difference. It is best to come up with a new, random combination of lower-case and upper-case letters, symbols, and numbers. A dedicated password manager like Cyclonis Password Manager can make this task very easy as it can generate long and complex passwords. It can even store your passwords in an encrypted vault so you would not have to memorize any of them. After replacing your passwords, do not forget to enable Two-Factor Authentication to create an extra layer of protection for your accounts.

On the other hand, if your payment information got leaked, you should immediately contact your bank and explain the situation. The bank’s support team should suggest what to do to stop hackers from misusing your banking details. To learn more about what you should do if you fall victim to a data breach, you could continue reading here.

To conclude, app misconfiguration might not be the biggest problem yet or the main cause of security breaches that threaten passwords and sensitive data safety, but it could become a severe threat in the future. Therefore, companies should concentrate not on how to release their web apps faster or add more functionality to them but how to implement security controls to ensure app security and do so correctly. As for users, it is vital to know what to do if their data gets leaked during a data breach as well as try not to overshare their sensitive information in case the web app storing it might be attacked.

By Foley
October 12, 2020