security-misconfiguration
Safeguard articles tagged "security-misconfiguration" — guides, analysis, and best practices for software supply chain and application security.
5 articles
OWASP A05: Security Misconfiguration — A Deep-Dive Guide
Security Misconfiguration ranks #5 in the OWASP Top 10 (2021) and absorbed XXE. A deep dive into defaults, exposed services, real CVEs, and how to fix them.
API Security Misconfiguration
API misconfigurations exposed 37M T-Mobile and 9.8M Optus accounts without a single exploit. Here's why it keeps happening and how to stop it.
Security Misconfiguration in APIs
Optus, T-Mobile, Peloton, and USPS were all breached through misconfigured APIs, not exploits. Here's what causes it, what it costs, and how to catch it first.
Insecure Default Configurations in Applications and Frame...
Insecure default configurations caused the 2016 MongoDB ransom wave, the 2018 Tesla Kubernetes breach, and countless audit failures. Here's why defaults stay dangerous and how to fix it.
Security Misconfiguration Checklist: The Low-Hanging Fruit Attackers Love
Misconfigurations are the easiest vulnerabilities to find and exploit. Here is a practical checklist for web servers, frameworks, cloud services, and databases.