A6: Security Misconfiguration

App Specific

Attackers will often attempt to exploit unpatched flaws or access default accounts, unused pages, unprotected files and directories, etc to gain unauthorized access or knowledge of the system.


Security misconfiguration can happen at any level of an application stack, including the network services, platform, web server, application server, database, frameworks, custom code, and pre-installed virtual machines, containers, or storage.

Automated scanners are useful for detecting misconfigurations, use of default accounts or configurations, unnecessary services, legacy options, etc.


Such flaws frequently give attackers unauthorized access to some system data or functionality. Occasionally, such flaws result in a complete system compromise. The business impact depends on the protection needs of the application and data.

The application might be vulnerable if the application is:

  • Missing appropriate security hardening across any part of the application stack, or improperly configured permissions on cloud services.

  • Unnecessary features are enabled or installed (e.g. unnecessary ports, services, pages, accounts, or privileges).

  • Default accounts and their passwords still enabled and unchanged.

  • Error handling reveals stack traces or other overly informative error messages to users.

  • For upgraded systems, latest security features are disabled or not configured securely.

  • The security settings in the application servers, application frameworks (e.g. Struts, Spring, ASP.NET), libraries, databases, etc. not set to secure values.

  • The server does not send security headers or directives or they are not set to secure values

  • The software is out of date or vulnerable

How to detect this security problem?

Valency Networks technical team is highly capable of running app scans and also perform manual vulnerability assessment to find this security problem. We can also help you re-design the code component or provide inputs towards successful fixation.

Contact us for more details

What Our Customers Say?

Valency Networks is a very techie company, focusing on a continuous improvement in service quality. Our customers like us exactly for that and that helps us keep our quality to the best extent.