A02:2025 - Security Misconfiguration
Insecure default or incomplete configurations in modern software environments.
Intent & Description
🎯 Intent
Ensure all components of the application stack are securely configured and hardened.
📋 Context
Modern software relies on complex configurations across cloud services, frameworks, containers, and APIs. Default settings are often insecure, and incomplete configurations create exploitable gaps.
💡 Solution
Implement repeatable hardening processes. Remove unnecessary features, frameworks, and accounts. Review and update configurations regularly. Use infrastructure as code for consistent deployments.
Real-world Use Case
Use when deploying applications to ensure all layers of the stack - from OS to cloud services - are properly secured.
📌 TL;DR
Harden all configuration layers. Remove defaults, disable unused features, and automate configuration management.
Advantages
- Reduces attack surface
- Prevents information leakage
- Ensures consistent security posture
- Enables automated compliance checking
Disadvantages
- Requires ongoing maintenance
- Configuration drift can reintroduce vulnerabilities
- Cloud environments add complexity