A05:2021-Security Misconfiguration
- Security Misconfiguration: Configuration errors that weaken the security posture of a system.
- Result from improperly configured settings, permissions, or access controls.
- Can expose sensitive data, services, or functionalities to unauthorized users.
- Exploiting it: Attackers can exploit misconfigurations to gain unauthorized access or execute attacks.
- Mitigation: Regularly audit configurations, follow security best practices, and automate configuration management where possible.