Insecure Defaults Detection

When to Use

• Auditing application or framework default configurations
• Reviewing deployment configs (Docker, Kubernetes, cloud)
• Checking for debug modes, default credentials, or open endpoints in production
• Hardening new service deployments
• Reviewing infrastructure-as-code for permissive defaults

When NOT to Use

• Runtime vulnerability scanning (use DAST tools)
• Source code logic bugs (use static analysis)
• Network-level security testing

Common Insecure Defaults by Category