Security Misconfiguration

Definition

Security misconfiguration is the most commonly found vulnerability class, encompassing improperly configured permissions, default credentials left enabled, unnecessary services, verbose error messages, and missing security headers. It appears consistently in the OWASP Top 10 because misconfigurations are easy to introduce and difficult to detect through traditional code review.

Automated configuration scanning and infrastructure-as-code policy enforcement are primary mitigations.
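
A policy check of the kind described above, covering the five misconfiguration classes named in the definition. This is an added example, not code from the original page; the config schema, the policy baseline and both sample inputs are constructed assumptions.

```python
import stat
import sys

# Assumed policy baseline (constructed for this example); adapt to your own standard.
REQUIRED_HEADERS = {"strict-transport-security", "content-security-policy",
                    "x-content-type-options"}
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
ALLOWED_SERVICES = {"https"}

def audit(config):
    """Return (rule, detail) findings, one rule per misconfiguration class."""
    findings = []
    for path, mode in sorted(config.get("file_modes", {}).items()):
        if mode & stat.S_IWOTH:  # permissions: world-writable file
            findings.append(("permissions", f"{path} is world-writable ({oct(mode)})"))
    for acct in config.get("accounts", []):
        if (acct["user"], acct["password"]) in DEFAULT_CREDENTIALS:
            findings.append(("default-credentials", f"{acct['user']} uses a default password"))
    for svc in sorted(set(config.get("services", [])) - ALLOWED_SERVICES):
        findings.append(("unnecessary-service", f"{svc} is enabled but not allow-listed"))
    if config.get("debug") or config.get("show_stack_traces"):
        findings.append(("verbose-errors", "debug output or stack traces reach clients"))
    present = {name.lower() for name in config.get("response_headers", {})}
    for header in sorted(REQUIRED_HEADERS - present):
        findings.append(("missing-header", f"{header} is not set"))
    return findings

# Constructed sample inputs: a weak deployment descriptor and its corrected form.
WEAK = {
    "file_modes": {"/etc/app/app.conf": 0o666, "/etc/app/tls.key": 0o600},
    "accounts": [{"user": "admin", "password": "admin"}],
    "services": ["https", "telnet", "ftp"],
    "debug": True,
    "response_headers": {"X-Content-Type-Options": "nosniff"},
}
HARDENED = {
    "file_modes": {"/etc/app/app.conf": 0o640, "/etc/app/tls.key": 0o600},
    "accounts": [{"user": "svc-app", "password": "constructed-unique-secret"}],
    "services": ["https"],
    "debug": False,
    "response_headers": {"Strict-Transport-Security": "max-age=31536000",
                         "Content-Security-Policy": "default-src 'self'",
                         "X-Content-Type-Options": "nosniff"},
}

if __name__ == "__main__":
    results = audit(WEAK)
    for rule, detail in results:
        print(f"FAIL {rule}: {detail}")
    sys.exit(1 if results else 0)  # non-zero exit fails the CI job
```

Run as a pipeline step, the non-zero exit blocks a deployment whose descriptor violates the baseline, which catches the settings that code review tends to miss.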
