Security misconfiguration is the most common issue.
It often results from:

- insecure, incomplete, or ad-hoc default configurations;
- storing data in the cloud without protection;
- improperly configured HTTP headers;
- error messages that reveal sensitive information.

Not only must all operating systems, frameworks, libraries, and applications be securely configured, but they must also be updated regularly and in a timely manner.
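
Two of the causes listed above, improperly configured HTTP headers and error messages that reveal sensitive information, can be checked automatically against a service you operate. The following is an added example, not code from the original page: the header baseline, the leak patterns, the `audit_response` function and both sample responses are assumptions constructed for illustration.

```python
import re

# Assumed hardening baseline for this example; the page does not name specific headers.
REQUIRED = {
    "strict-transport-security": lambda v: "max-age=" in v.lower(),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "content-security-policy": lambda v: bool(v.strip()),
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
}
# Headers that commonly disclose product and version details.
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")
# Patterns typical of verbose error pages.
LEAKS = {
    "python traceback": re.compile(r"Traceback \(most recent call last\)"),
    "java stack frame": re.compile(r"^\s+at [\w.$]+\([\w.]+:\d+\)", re.M),
    "sql error": re.compile(r"SQL syntax|ORA-\d{5}|SQLSTATE\[", re.I),
    "filesystem path": re.compile(r"/(?:var|home|usr|opt)/[\w./-]+|[A-Z]:\\[\w\\.-]+"),
}

def audit_response(status, headers, body):
    """Return a list of misconfiguration findings for one HTTP response."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, is_ok in REQUIRED.items():
        if name not in hdrs:
            findings.append(f"missing header: {name}")
        elif not is_ok(hdrs[name]):
            findings.append(f"weak header: {name}={hdrs[name]!r}")
    for name in DISCLOSING:
        # A version number in the value is what makes the header a disclosure.
        if name in hdrs and re.search(r"\d+\.\d+", hdrs[name]):
            findings.append(f"version disclosed: {name}={hdrs[name]!r}")
    if status >= 400:  # only error responses are checked for leaked internals
        findings += [f"error body leaks: {label}" for label, rx in LEAKS.items() if rx.search(body)]
    return findings

# Constructed sample responses (not captured from a real system).
DEFAULT_CONFIG = (500, {"Server": "Apache/2.4.1 (Unix)", "X-Powered-By": "PHP/7.0.1",
                        "X-Frame-Options": "ALLOWALL"},
                  "Fatal error: SQLSTATE[42000] in /var/www/app/db.php on line 12")
HARDENED = (500, {"Server": "web", "Strict-Transport-Security": "max-age=31536000",
                  "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY",
                  "Content-Security-Policy": "default-src 'self'"},
            "Internal error. Reference: 7f3a")

if __name__ == "__main__":
    for label, resp in (("default", DEFAULT_CONFIG), ("hardened", HARDENED)):
        print(label, audit_response(*resp))
```
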
OWASP Top 10 Application Security Risks - 2017 | Reference |
---|---|
A6:2017-Security Misconfiguration | OWASP |
Proper configuration of the tools used starts with understanding them, followed by thorough study, and then formalizing specific requirements and best practices according to the mission we aim to achieve.
These practices should not be discarded but reused and improved whenever relevant.

Francesco Ongaro