A5 – Basic security configuration guide
Default configurations of systems, including operating systems and Web servers, are mostly created to demonstrate and highlight their basic or most relevant features, not to be secure or protect them from attacks.
Some common default configurations that may compromise the security are the default administrator accounts created when the database, web server, or CMS was installed, and the default administration pages, default error messages with stack traces, among many others.
In this recipe, we will cover the fifth most critical vulnerability in the OWASP top 10, Security Misconfiguration.
How to do it...
- If possible, delete all the administrative applications such as Joomla's admin, WordPress' admin, PhpMyAdmin, ...
Get Kali Linux Web Penetration Testing Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.