OWASP Security Misconfiguration
September 10th, 2022
Security Misconfiguration usually takes the form of omission: something left at its default, left running, left reachable, or left unlogged.
Default passwords
pattern: inventory admin consoles and change every default password before the system is reachable
pattern: do not ship base OS images with servers enabled by default (e.g. redis, mongo, postgres, zookeeper, ...); install and enable them only on the images that need them
anti-pattern: servers listening too broadly, e.g. bound to 0.0.0.0 or :: when only localhost or an internal interface needs to reach them
anti-pattern: vendor sample applications left deployed in production
pattern: every admin uses a personal, attributable account; no shared admin or root logins
pattern: log admin actions and internal (service-to-service) calls so that misuse is attributable after the fact
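As an added example (not part of the original notes), a small audit script covering the two image-level patterns above: it reads the output of `ss -tlnpH` on a Linux host, flags datastore services that should not be present on a base image at all, and flags any other listener bound to every interface instead of loopback or an internal address. The `ss` output lines below are constructed, not captured from a real host; the service table and the `EXPECTED_REMOTE` allowlist are assumptions to tune per environment.

```python
"""Audit listening TCP sockets for two misconfigurations:
  - services that should not be running on a base image at all
  - services bound to every interface instead of loopback / internal NIC

Added example, not from the original notes.  Input is `ss -tlnpH` output
(columns: State Recv-Q Send-Q Local:Port Peer:Port Process).
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Services with no business being enabled on a base OS image (assumed list,
# taken from the notes; identified by process name or well-known port so a
# listener is still flagged when ss cannot show the process without root).
UNWANTED_SERVICES = {
    "redis":     {"procs": {"redis-server"}, "ports": {6379}},
    "mongo":     {"procs": {"mongod"},       "ports": {27017}},
    "postgres":  {"procs": {"postgres"},     "ports": {5432}},
    "zookeeper": {"procs": {"zookeeper"},    "ports": {2181}},
}

# Services expected to accept connections from off-host (assumed allowlist).
EXPECTED_REMOTE = {"sshd"}

# Constructed sample of `ss -tlnpH` output; the last line has no process
# column, as happens when ss is run without privileges.
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:6379       0.0.0.0:*    users:(("redis-server",pid=812,fd=6))
LISTEN 0      244        127.0.0.1:5432       0.0.0.0:*    users:(("postgres",pid=901,fd=5))
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=640,fd=3))
LISTEN 0      4096             [::]:27017        [::]:*    users:(("mongod",pid=1023,fd=12))
LISTEN 0      128        10.0.3.17:8080       0.0.0.0:*    users:(("java",pid=1188,fd=44))
LISTEN 0      128            [::1]:2181          [::]:*
"""

_PROC_RE = re.compile(r'users:\(\("([^"]+)"')


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    process: Optional[str]


@dataclass(frozen=True)
class Finding:
    kind: str        # "unwanted-service" or "listens-broadly"
    service: str
    addr: str
    port: int
    fix: str


def parse_listener(line: str) -> Optional[Listener]:
    """Parse one `ss -tlnpH` line; returns None for anything that is not a LISTEN row."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    host, _, port = fields[3].rpartition(":")   # handles "[::]:27017" and "0.0.0.0:22"
    host = host.strip("[]")
    m = _PROC_RE.search(line)
    return Listener(host, int(port), m.group(1) if m else None)


def is_wildcard(addr: str) -> bool:
    """True when the socket is bound to all interfaces (0.0.0.0, ::, or ss's '*')."""
    if addr == "*":
        return True
    try:
        return ipaddress.ip_address(addr).is_unspecified
    except ValueError:
        return False


def identify_unwanted(lst: Listener) -> Optional[str]:
    """Name of the unwanted service this listener belongs to, or None."""
    for name, sig in UNWANTED_SERVICES.items():
        if lst.process in sig["procs"] or lst.port in sig["ports"]:
            return name
    return None


def audit(ss_output: str) -> list[Finding]:
    """Run both rules over every LISTEN row and return the findings."""
    findings: list[Finding] = []
    for line in ss_output.splitlines():
        lst = parse_listener(line)
        if lst is None:
            continue
        unwanted = identify_unwanted(lst)
        service = unwanted or lst.process or f"port-{lst.port}"
        if unwanted:
            findings.append(Finding("unwanted-service", service, lst.addr, lst.port,
                                    "remove the package or mask the unit in the base image"))
        # Loopback-only binds never trip this rule; an allowlisted remote-facing
        # service (sshd) is the one wildcard bind accepted here.
        if is_wildcard(lst.addr) and lst.process not in EXPECTED_REMOTE:
            findings.append(Finding("listens-broadly", service, lst.addr, lst.port,
                                    "bind to 127.0.0.1 or the internal interface and firewall the port"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SS_OUTPUT):
        print(f"{f.kind:17} {f.service:10} {f.addr}:{f.port}  -> {f.fix}")
```

On a live host, pipe real output in (`ss -tlnpH | python3 audit.py` with a `sys.stdin.read()` in place of the sample) and run it as root so the process column is populated; the port-based match is a fallback, not a substitute. Note that postgres on 127.0.0.1 is still reported: a loopback bind fixes the breadth problem but not the "service present on the base image" one.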
(src: