What's Security Misconfiguration?


28 Mar 2020
Hello precious Turk Hack Team Family! In this topic, you will learn about "Security Misconfiguration". It is a vulnerability listed in the OWASP "Top Ten" project.



The Security Misconfiguration vulnerability is a vulnerability in the OWASP "Top Ten" project. It is caused by unnecessary (extra) add-ons in an open system, a system that has not been updated, and default admin/user accounts. It can be detected in any misconfigured part of the website.


What does it do?

The Security Misconfiguration vulnerability can occur on any part of an application stack, including network services, platform, web server, application server, database, frameworks, custom code, and preloaded virtual machines, containers, or storage. Automated scanners are useful for detecting misconfigurations, the use of default accounts or configurations, unnecessary services, outdated options, etc.

How can we protect ourselves?

To avoid becoming a victim of this vulnerability, you can do the things listed below. You can be sure that they will help you a lot :)

  • Remove unnecessary features, components, documents, and unused features.
  • Review and update the configurations appropriate to all security notes, updates and patches, and review cloud storage permissions.
  • Update the entire system to prevent this vulnerability and others.
  • Remove unnecessary plug-ins.


Yes, we're at the end. If you're thinking that this topic is too short, please read this; I searched, but since this is not a well-known vulnerability, I could not find many sources, and I will try to add it to the topic when there is more information about it. Stay safe!
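An added example, not part of the original post: a small audit over a constructed inventory that flags the issue classes named above (default accounts, unnecessary plug-ins, outdated components, public cloud storage). The inventory layout, field names and all values are assumptions made for illustration.

```python
# Added example: every name and value here is constructed, not real data.
INVENTORY = {
    "accounts": [
        {"user": "admin", "builtin": True, "enabled": True, "password_changed": False},
        {"user": "guest", "builtin": True, "enabled": False, "password_changed": False},
        {"user": "alice", "builtin": False, "enabled": True, "password_changed": True},
    ],
    "required_plugins": ["seo"],
    "plugins": [
        {"name": "seo", "enabled": True},
        {"name": "sample-gallery", "enabled": True},
        {"name": "old-forms", "enabled": False},
    ],
    "components": [
        {"name": "webserver", "installed": "2.4.9", "minimum_patched": "2.4.10"},
        {"name": "database", "installed": "10.5.2", "minimum_patched": "10.5"},
    ],
    "buckets": [
        {"name": "backups", "public_read": True, "public_write": False},
        {"name": "assets-private", "public_read": False, "public_write": False},
    ],
}

def parse_version(text, width=4):
    """'2.4.10' -> (2, 4, 10, 0): compare numerically, padded to equal length."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def audit(inv):
    """Return (category, name) findings for the issue classes in the post."""
    findings = []
    for acc in inv["accounts"]:  # default admin/user accounts left active
        if acc["builtin"] and acc["enabled"] and not acc["password_changed"]:
            findings.append(("default-account", acc["user"]))
    required = set(inv["required_plugins"])
    for plug in inv["plugins"]:  # unnecessary add-ons / plug-ins
        if plug["enabled"] and plug["name"] not in required:
            findings.append(("unnecessary-plugin", plug["name"]))
    for comp in inv["components"]:  # system not updated
        if parse_version(comp["installed"]) < parse_version(comp["minimum_patched"]):
            findings.append(("outdated-component", comp["name"]))
    for bucket in inv["buckets"]:  # cloud storage permissions
        if bucket["public_read"] or bucket["public_write"]:
            findings.append(("public-storage", bucket["name"]))
    return findings

if __name__ == "__main__":
    for category, name in audit(INVENTORY):
        print(f"{category}: {name}")
```

Versions are compared as number tuples because a plain string comparison would rank "2.4.9" above "2.4.10" and miss the outdated web server.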
