Tips to Avoid Security Misconfiguration
An insecurely configured application, platform, database, web server or even custom code can be a vulnerability. The type of misconfiguration determines the impact and potential consequences. A misconfiguration can also be used to perpetrate a bigger attack.
Here are some actions you can take:
1. See if your software – including operating systems, applications, database management systems and web or app servers – is up to date.
2. Check if there are any default accounts, and whether their passwords have been changed. Default credentials are bound to invite trouble.
3. Do you have any unnecessary or potentially unsafe features installed? For instance, an application may have a debug feature that could allow attackers to bypass authentication to access sensitive information.
4. Do you have directory listing enabled on the server, which can provide enough information to launch attacks?
5. Conduct scheduled vulnerability scans and security audits to catch misconfigurations in a timely manner.
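As an added example (not part of the original article), the checks in items 2 to 4 can be automated as a small audit that flags directory listing, enabled debug settings and unchanged default credentials. The sample configuration text, the account inventory and the list of default credential pairs are constructed assumptions for illustration.

```python
import re

# Constructed sample inputs (not taken from any real system).
SAMPLE_CONFIGS = {
    "nginx.conf": "server {\n  location /files/ {\n    autoindex on;\n  }\n}\n",
    "httpd.conf": ("<Directory /var/www>\n  Options -Indexes +FollowSymLinks\n</Directory>\n"
                   "<Directory /var/www/pub>\n  Options Indexes\n</Directory>\n"),
    "settings.py": "# DEBUG = True  (old, commented out)\nDEBUG = True\n",
}
# Constructed account inventory: (username, password) pairs.
SAMPLE_ACCOUNTS = [("admin", "admin"), ("deploy", "x9!Lq27vT"), ("guest", "guest")]
# Assumed list of well-known default pairs; extend it for your environment.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "root"), ("guest", "guest")}

def audit_config(name, text):
    """Return (file, line number, issue) for each risky setting found."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # ignore commented-out settings
        if re.fullmatch(r"autoindex\s+on\s*;", line, re.I):
            findings.append((name, lineno, "directory listing enabled (nginx)"))
        opts = re.match(r"Options\s+(.+)", line, re.I)
        # Apache: 'Indexes' or '+Indexes' turns listing on, '-Indexes' turns it off.
        if opts and any(t.lower() in ("indexes", "+indexes") for t in opts.group(1).split()):
            findings.append((name, lineno, "directory listing enabled (Apache)"))
        if re.fullmatch(r"debug\s*[=:]\s*(true|on|1)", line, re.I):
            findings.append((name, lineno, "debug feature enabled"))
    return findings

def audit_accounts(accounts):
    """Return usernames still using a known default password."""
    return [user for user, pw in accounts if (user, pw) in DEFAULT_CREDENTIALS]

def run_audit(configs=SAMPLE_CONFIGS, accounts=SAMPLE_ACCOUNTS):
    findings = []
    for name, text in configs.items():
        findings.extend(audit_config(name, text))
    findings.extend(("accounts", None, f"default credentials for '{u}'")
                    for u in audit_accounts(accounts))
    return findings

if __name__ == "__main__":
    for file, lineno, issue in run_audit():
        print(f"{file}:{lineno or '-'}: {issue}")
```

Running a check like this on a schedule, as item 5 suggests, catches settings that drift back to an unsafe state after a deployment or upgrade.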