Practice free →
HomeBCA Cyber SecuritycybersecurityWeb Security — OWASP › What does the SECURITY MISCONFIGURATION category…

What does the SECURITY MISCONFIGURATION category (A05 in 2021) typically include?

AOnly firewall rules
Bdefault creds, verbose errors, unpatched
COnly encryption key rotation
DOnly user training programs
Answer & Solution
Correct answer: B. default creds, verbose errors, unpatched
1. SECURITY MISCONFIGURATION: any insecure default, missing hardening, or unnecessary feature enabled. 2. COMMON examples: • Cloud storage buckets (S3, Azure Blob) set to PUBLIC instead of private • Default admin/admin credentials never changed • Verbose stack traces in production responses • Unnecessary HTTP methods (PUT/DELETE on read-only endpoints) • Outdated software with known CVEs 3. MITIGATIONS: HARDENING guides, CIS Benchmarks, infrastructure-as-code with secure baselines, automated config scanning (CSPM tools). 4. The Capital One breach (2019) was largely a security misconfiguration of WAF rules. _Source: OWASP Top 10 2021 — A05: Security Misconfiguration._
Solve this in the app — BCA Cyber Security practice & 24k+ MCQs →
Related questions