What is Security Misconfiguration?
In layman's terms, security misconfiguration is failing to implement appropriate security controls for web or server applications. It could also mean implementing the security controls with errors. Often what companies may conclude as safe or unnecessary can expose them to dangerous risks. When configuration settings do not comply with industry security standards (OWASP top 10, and CIS benchmarks) it leads to security misconfigurations. Misconfigurations are targets for attackers to detect. Exploits on misconfigured web applications are common. An example of a catastrophic data leakage caused due to security misconfigurations was the Teletext exposure wherein 530,000 data files were leaked. This data leakage was caused due to insecurely configured Amazon Web Services (AWS).
