Security Misconfiguration takes the form of omission (e.g. default passwords left in place)
- pattern: seek out admin consoles and change the default password
- pattern: disable running servers on base OS images (e.g. redis, mongo, postgres, zookeeper, …)
- anti-pattern: servers listening too broadly
- anti-pattern: sample applications in production
- pattern: every admin uses a personal account
- pattern: log admin & internal calls
(src:
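A check covering the two listener points above (servers that should not run on a base OS image, and servers listening too broadly). This is an added example, not code from the original notes: it parses `ss -ltn`-style output, the sample output is constructed, and the port-to-service table uses those servers' documented default ports.

```python
"""Flag listening sockets that belong to servers which should not run on a
base OS image, or that are bound beyond loopback. Added example; the
`ss -ltn` output below is constructed, not captured from a real host."""

# Documented default ports of the servers named in the notes.
BASE_IMAGE_SERVERS = {6379: "redis", 27017: "mongo", 5432: "postgres", 2181: "zookeeper"}
# Loopback-only binds are acceptable; anything else is reachable over a network interface.
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}
WILDCARD = {"0.0.0.0", "*", "::", "[::]"}

SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     0.0.0.0:6379        0.0.0.0:*
LISTEN  0       128     127.0.0.1:5432      0.0.0.0:*
LISTEN  0       50      [::]:2181           [::]:*
LISTEN  0       4096    127.0.0.1:8080      0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Return (address, port) pairs from `ss -ltn` output, skipping the header."""
    listeners = []
    for line in ss_output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)  # split on the last colon so IPv6 works
        listeners.append((addr, int(port)))
    return listeners


def audit_listeners(ss_output, allowed_ports=frozenset({22})):
    """Return findings: unneeded base-image servers, plus anything bound
    beyond loopback whose port is not on the allow-list."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        service = BASE_IMAGE_SERVERS.get(port)
        if service:
            findings.append(f"unneeded server on base image: {service} ({addr}:{port})")
        if addr not in LOOPBACK and port not in allowed_ports:
            scope = "all interfaces" if addr in WILDCARD else addr
            findings.append(f"listening too broadly: {addr}:{port} bound on {scope}")
    return findings


if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_SS_OUTPUT):
        print(finding)
```

Run it against real `ss -ltn` output by piping the command into the script's stdin or reading it into `audit_listeners` in place of the sample.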