OWASP Security Misconfiguration

September 10th, 2022


Security Misconfiguration usually takes the form of omission: a default that was never changed, or a service that was never disabled.

default passwords

  • pattern: seek out Admin consoles and change the default password

  • pattern: disable servers that run by default on base OS images (e.g. redis, mongo, postgres, zookeeper, ...)

  • anti-pattern: servers listening too broadly

  • anti-pattern: sample applications in production

  • pattern: every admin uses a personal account

  • pattern: log admin & internal calls
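A small audit for two of the anti-patterns above, stray datastore servers left running from a base image and services bound to every interface. This is an added example written for this note, not code from the original; it assumes the column layout of `ss -H -ltn`, a hypothetical port-to-service table, and takes the host's intended public ports as a parameter.

```python
"""Audit listening TCP sockets for two OWASP security-misconfiguration
anti-patterns: base-image datastore servers still running, and services
bound to every interface instead of loopback.  The sample lines below are
constructed in the `ss -H -ltn` layout (State Recv-Q Send-Q Local Peer);
on a real host, feed the audit that command's real output instead."""
from dataclasses import dataclass

# Assumed default ports of servers that commonly ship in base images.
BASE_IMAGE_SERVICES = {6379: "redis", 27017: "mongo", 5432: "postgres", 2181: "zookeeper"}
# Addresses that mean "listen on every interface" in ss output.
WILDCARD_ADDRS = {"0.0.0.0", "*", "::", "[::]"}


@dataclass(frozen=True)
class Finding:
    port: int
    local_addr: str
    issue: str  # "base-image-service" or "listens-broadly"


def parse_local(field: str) -> tuple[str, int]:
    """Split an ss local field such as '0.0.0.0:6379' or '[::]:22' into
    (address, port); the port always follows the last colon."""
    addr, _, port = field.rpartition(":")
    return addr, int(port)


def audit_listeners(ss_lines: list[str], public_ports=frozenset({80, 443})) -> list[Finding]:
    """Return one Finding per anti-pattern seen in the ss output lines.
    Ports in public_ports are meant to face the network and are not flagged."""
    findings = []
    for line in ss_lines:
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue  # skip headers, blank lines, non-listening sockets
        addr, port = parse_local(parts[3])
        if port in BASE_IMAGE_SERVICES:
            findings.append(Finding(port, addr, "base-image-service"))
        if addr in WILDCARD_ADDRS and port not in public_ports:
            findings.append(Finding(port, addr, "listens-broadly"))
    return findings


SAMPLE_SS_OUTPUT = [  # constructed sample, not real host data
    "LISTEN 0 128  0.0.0.0:22      0.0.0.0:*",
    "LISTEN 0 511  0.0.0.0:6379    0.0.0.0:*",
    "LISTEN 0 244  127.0.0.1:5432  0.0.0.0:*",
    "LISTEN 0 4096 [::]:443        [::]:*",
    "LISTEN 0 128  127.0.0.1:8080  0.0.0.0:*",
]

if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {f.port} on {f.local_addr}: {f.issue}")
```

On the sample, the redis socket is reported twice (it is both a base-image service and bound to every interface), postgres is reported once because it is only on loopback, and SSH on port 22 is flagged unless you add it to public_ports.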
