A05 - Security Misconfiguration

Introduction and background

When the OWASP Top 10 list was compiled, 90% of applications were tested for some form of misconfiguration. The average incidence rate was 4%, with over 208k occurrences of a Common Weakness Enumeration (CWE) in this risk category. With software shifting further toward highly configurable deployments, it is not surprising to see this category moving up the list.

CWEs

Notable Common Weakness Enumerations (CWEs):

  • CWE-16: Configuration
  • CWE-611: Improper Restriction of XML External Entity Reference

CVEs

Examples of attack scenarios using OWASP Juice Shop

  • Error Handling - Provoke an error that is handled neither gracefully nor consistently.
  • Deprecated Interface - Use a deprecated B2B interface that was not properly shut down.

Primary defenses

More information is available in OWASP's cheat sheets, e.g. the Error Handling Cheat Sheet.