Security Glossary

Definition

What is Security Misconfiguration?

Security misconfiguration is the most prevalent web application vulnerability class. It arises from incorrectly configured cloud services, application frameworks, databases, web servers, or network infrastructure. Common examples include default credentials left unchanged, overly permissive S3 bucket policies, unnecessary features left enabled, verbose error messages that expose stack traces, and missing HTTP security headers. Security misconfiguration topped the OWASP Top 10 in 2021 and is frequently the easiest vulnerability to discover and exploit in a penetration test, because the weaknesses are visible in ordinary responses and require no special payload to confirm.
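Two of the examples above, missing HTTP security headers and verbose error pages, can be checked directly from an HTTP response. The following is an added example written for this entry; it is not Penetrify's code and not part of the glossary. It audits one response (status code, headers, body) for missing or weak hardening headers, version-disclosing server banners, and stack traces in 5xx bodies. The two sample responses at the bottom are constructed for demonstration, not captured from any real system, and the header list reflects common hardening guidance rather than any one standard.

```python
"""Audit an HTTP response for common security misconfigurations.

Added example (not from the Penetrify glossary). The sample responses below
are constructed, not captured from any real system.
"""
import re

# Headers a hardened response is expected to carry, each with the check its
# value must pass. A missing header or a weak value becomes a finding.
REQUIRED_HEADERS = {
    "strict-transport-security": lambda v: "max-age=" in v.lower(),
    "content-security-policy": lambda v: len(v.strip()) > 0,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
}

# Fragments typical of unhandled-exception pages from common frameworks.
STACK_TRACE_PATTERNS = [
    re.compile(r"Traceback \(most recent call last\)"),   # Python
    re.compile(r"\bat [\w$.]+\([\w.]+:\d+\)"),            # Java-style frame
    re.compile(r"Fatal error: .* on line \d+"),           # PHP
]

# A Server / X-Powered-By value that embeds a version number, e.g. "nginx/1.2.3".
VERSION_BANNER = re.compile(r"/\d+(\.\d+)+")


def audit_response(status, headers, body):
    """Return a list of finding strings for one HTTP response.

    headers: dict of header name -> value; names are compared case-insensitively.
    """
    findings = []
    lowered = {k.lower(): v for k, v in headers.items()}

    for name, value_ok in REQUIRED_HEADERS.items():
        if name not in lowered:
            findings.append(f"missing header: {name}")
        elif not value_ok(lowered[name]):
            findings.append(f"weak header value: {name}: {lowered[name]}")

    for banner in ("server", "x-powered-by"):
        value = lowered.get(banner, "")
        if VERSION_BANNER.search(value):
            findings.append(f"version disclosure in {banner}: {value}")

    # Only server-side failures are checked for leaked traces; a 4xx body
    # with a trace would also be worth flagging, but is out of scope here.
    if status >= 500 and any(p.search(body) for p in STACK_TRACE_PATTERNS):
        findings.append("verbose error: stack trace in 5xx response body")

    return findings


# Constructed sample responses: one misconfigured, one hardened.
MISCONFIGURED = (
    500,
    {"Server": "Apache/2.4.41 (Ubuntu)", "Content-Type": "text/html"},
    "<pre>Traceback (most recent call last):\n  File \"app.py\", line 12\n"
    "KeyError: 'user'</pre>",
)

HARDENED = (
    500,
    {
        "Server": "Apache",
        "Content-Type": "text/html",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Content-Security-Policy": "default-src 'self'",
        "X-Content-Type-Options": "nosniff",
        "X-Frame-Options": "DENY",
    },
    "<p>An internal error occurred. Reference id: 7f3a</p>",
)

if __name__ == "__main__":
    for label, resp in (("misconfigured", MISCONFIGURED), ("hardened", HARDENED)):
        print(label, audit_response(*resp))
```

The misconfigured sample yields six findings (four missing headers, a version-disclosing Server banner, and a stack trace in the error body); the hardened sample yields none. The same function can be fed headers and bodies from your own servers' responses to confirm that a hardening change actually took effect.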

Put this into practice
Autonomous OWASP vulnerability scanning
See how Penetrify's autonomous AI agents find and validate this class of security issue in your application.