• What Are Security Misconfigurations?

    Security misconfiguration occurs when security settings are not adequately defined during configuration, or are deployed and maintained with default settings. It can affect any layer of the application stack, cloud or network. Misconfigured clouds are a central cause of data breaches, costing organizations millions of dollars.

    Vulnerabilities are generally introduced during configuration. Typical misconfiguration vulnerabilities occur with the use of the following:

    • Defaults—including passwords, certificates and installation
    • Deprecated protocols and encryption
    • Open database instances
    • Directory listing—this should not be enabled 
    • Error messages showing sensitive information
    • Misconfigured cloud settings
    • Unnecessary features—including pages, ports and command injection
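
Three items from the list above (deprecated protocols, directory listing, and error output that reveals too much) can be checked mechanically in a web server configuration. The following is an added example, not part of the original page: it assumes an nginx-style configuration, and the sample config and the name audit_nginx are constructed for illustration.

```python
import re

# Protocol versions treated as deprecated (SSL 2/3, TLS 1.0/1.1).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    server_tokens on;
    location /files/ {
        autoindex on;   # directory listing
    }
}
"""

def audit_nginx(conf_text):
    """Return (line_number, finding) tuples for risky directives."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), start=1):
        # Simplification: treats every '#' as a comment start.
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(\w+)\s+(.*?);$", line)
        if not m:
            continue  # block openers/closers and blank lines
        name, args = m.group(1), m.group(2).split()
        if name == "autoindex" and args == ["on"]:
            findings.append((no, "directory listing enabled"))
        elif name == "server_tokens" and args == ["on"]:
            findings.append((no, "version shown on error pages"))
        elif name == "ssl_protocols":
            old = sorted(DEPRECATED.intersection(args))
            if old:
                findings.append((no, "deprecated protocols: " + ", ".join(old)))
    return findings

if __name__ == "__main__":
    for no, finding in audit_nginx(SAMPLE_CONF):
        print(f"line {no}: {finding}")
```

The check only sees directives that are written out. nginx leaves server_tokens on when the directive is absent, so a clean result does not prove the default was changed.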