OWASP In Depth: A05:2021 – Security Misconfiguration

From Insecure Design last week to Insecure Configuration this week!

Greetings, my friends! Since we looked at Insecure Design, it seems quite appropriate that risk #5 is Insecure Configuration Security Misconfiguration¹. This is a rather interesting one that encompasses a bunch of different areas, so let’s dig right in and see what we can learn.

Don’t forget to subscribe, if you haven’t already, so you don’t miss the rest of the series! You can also find all of the previous OWASP Top 10 posts here.

🕵️ The first few months of next year are filling up, so if you’re thinking about a Security Audit for your app, reach out today so we can book it in! 🕵️

Looking to learn more?
⏩ Security Tip #7: Validating User Input
▶️ In Depth #2: SQL Injection

---

A05:2021 – Security Misconfiguration

Unlike last week’s bleak view on insecure design (spoiler: “cannot be fixed”), Security Misconfiguration is focused on missing, incomplete, or inappropriate configurations that can result in security risks. These risks present themselves in different ways across your app, some of which can be trivially solved, while others may take more time.

The OWASP Guide provides a rather nice description of different areas to be aware of, so let’s work our way through their list and link each up to practical solutions you can use in your apps.