Security misconfiguration happens often and everywhere, and it leads to an attacker gaining
access to resources that he is not supposed to have. This vulnerability is in the top ten of the OWASP
project. A web application must be properly configured with the advised security settings, and that
configuration must be checked. Security controls must be implemented from the development phase
itself to protect the application from attacks and unauthorized access.
DESCRIPTION
Security controls must be carried out at every step while implementing a web
application, network infrastructure, servers, and every part of an application. This vulnerability is
common everywhere and can take down a company that believed every security control had
been implemented but did not know that one was misconfigured. Leaving a default credential on a
well-known open service allows an attacker to gain a remote connection through that service.
Leaving an admin page with a default password can lead to persistent damage to the application.
Default accounts are not changed: an attacker will find the default
admin page on the server with the default password.
Extra information is shown on error pages, which the attacker
uses to enumerate more about the application.
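The two cases above, as an added example that is not part of the original document: a start-up audit that flags default credentials and debug mode, and an error renderer showing the verbose page beside the hardened one. The config layout, the function names, the default-pair list and the sample values are all assumptions constructed for illustration.

```python
import logging
import traceback
import uuid

# Constructed sample of well-known default pairs; illustrative, not exhaustive.
DEFAULT_PAIRS = {("admin", "admin"), ("admin", "password"), ("root", "root")}

# Constructed configs: WEAK has both problems described above, HARDENED has neither.
WEAK = {"debug": True, "accounts": [{"user": "admin", "password": "admin"}]}
HARDENED = {"debug": False, "accounts": [{"user": "admin", "password": "t7#Lq9vWz2mR"}]}

def audit_config(cfg):
    """Return findings for a (hypothetical) application config dict."""
    findings = []
    for acct in cfg.get("accounts", []):
        if (acct["user"].lower(), acct["password"]) in DEFAULT_PAIRS:
            findings.append(f"default credential still set for '{acct['user']}'")
    if cfg.get("debug", False):
        findings.append("debug enabled: error pages expose internal details")
    return findings

def render_error(exc, debug):
    """Build the HTTP status and body for an unhandled exception."""
    if debug:
        # Misconfigured behaviour: the full traceback goes to the client.
        detail = traceback.format_exception(type(exc), exc, exc.__traceback__)
        return 500, "".join(detail)
    # Hardened behaviour: detail stays in the server log, client gets a reference.
    ref = uuid.uuid4().hex[:8]
    logging.getLogger("app").error("unhandled error ref=%s", ref, exc_info=exc)
    return 500, f"Internal error. Reference: {ref}"

def sample_failure():
    """Produce a constructed exception whose message names an internal host."""
    try:
        raise RuntimeError("connect failed: db01.internal.example user=app")
    except RuntimeError as exc:
        return exc

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_config(cfg) or "no findings")
        print(render_error(sample_failure(), cfg["debug"])[1])
```

Running the audit before the application starts serving requests, and refusing to start on any finding, keeps both misconfigurations out of production.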
MITIGATION