Security Misconfigurations
Understanding and Mitigating Security Misconfiguration Risks
What is security misconfiguration?
Security misconfiguration is #6 on the latest (2017) OWASP Top 10 list. This vulnerability can occur at any level of an application stack, including network services, platform, web server, application server, database, frameworks, custom code, pre-installed virtual machines, containers, and storage. Security misconfiguration can stem from the failure to implement all of the security controls for a server or web application, or from implementing security controls in a way that introduces errors. It can also occur when defaults are used for security settings.
Security misconfiguration flaws give attackers unauthorized access to system data and functionality. Occasionally, such flaws lead to severe consequences, such as a complete system compromise. The business impact can be great or small depending on the protection needs of the application and data.
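The three causes named above (a control that was never implemented, a control implemented incorrectly, and a default left in place) can be told apart by comparing a deployed configuration against a hardened baseline. The following is an added example, not code from the original page; every setting name, default value and threshold in it is a constructed assumption and does not describe a real product.

```python
# Added example. Every setting name, default and threshold here is constructed
# for illustration and does not describe any real product.

# Hypothetical hardened baseline: setting -> (shipped default, acceptance check).
# A default of None means the product has no such control until it is configured.
BASELINE = {
    "admin_password":    ("admin", lambda v: isinstance(v, str) and len(v) >= 12),
    "debug":             (True,    lambda v: v is False),
    "directory_listing": (True,    lambda v: v is False),
    "tls_min_version":   ("1.0",   lambda v: v in ("1.2", "1.3")),
    "hsts_max_age":      (None,    lambda v: isinstance(v, int) and v >= 31536000),
}

def audit(config):
    """Return sorted (setting, cause) pairs for each baseline rule that fails."""
    findings = []
    for name, (default, accept) in BASELINE.items():
        effective = config.get(name, default)  # unset settings fall back to the default
        if accept(effective):
            continue
        if name not in config and default is None:
            cause = "missing_control"      # control was never implemented
        elif effective == default:
            cause = "default_in_use"       # insecure default left in place
        else:
            cause = "misapplied_control"   # control set, but set incorrectly
        findings.append((name, cause))
    return sorted(findings)

# Constructed sample of a deployed configuration.
SAMPLE = {
    "admin_password": "admin",   # default credential never changed
    "debug": False,              # meets the baseline
    "tls_min_version": "1.1",    # changed from the default, still too weak
    # directory_listing is unset, so the default (True) applies
    # hsts_max_age is unset and has no default
}

if __name__ == "__main__":
    for setting, cause in audit(SAMPLE):
        print(f"{setting}: {cause}")
```

Note that an unset setting is evaluated at its shipped default, so a configuration file that looks clean because it is short can still produce findings.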