Securing Laravel

OWASP In Depth: A05:2021 – Security Misconfiguration

From Insecure Design last week to Insecure Configuration this week!

Stephen Rees-Carter
Oct 28, 2022

Greetings, my friends! Since we looked at Insecure Design, it seems quite appropriate that risk #5 is Insecure Configuration, or rather Security Misconfiguration. This is a rather interesting one that encompasses a bunch of different areas, so let’s dig right in and see what we can learn.


A05:2021 – Security Misconfiguration

Unlike last week’s bleak view on insecure design (spoiler: “cannot be fixed”), Security Misconfiguration is focused on missing, incomplete, or inappropriate configurations that can result in security risks. These risks present themselves in different ways across your app, some of which can be trivially solved, while others may take more time.

The OWASP Guide provides a rather nice description of different areas to be aware of, so let’s work our way through their list and link each up to practical solutions you can use in your apps.
