Security Misconfiguration

Security misconfiguration is often the outcome of using default configurations or displaying excessively verbose errors. For example, an application may show a user over descriptive errors which may reveal vulnerabilities in the application.

Also this vulnerability pops up due to the improper implementation of a wide variety of controls such as misconfiguring security headers, ignoring verbose error messages leaking sensitive information, neglecting to patch or upgrade systems.

Description

Remediation Techniques:

Implement a secure installation process, including a system hardening process.
Do not install any unnecessary, unused features or frameworks.
Follow a “segmented application architecture” like segmentation, containerization or ACLs which are usually available from reputed cloud service providers.
Also make sure to review all permissions, update configurations, and install patches.
Dynamic application security testing can be used to detect such misconfigurations.

Description

Related products

Broken Access Control

Sensitive Data Exposure