Security Misconfiguration (OWASP A06)

Detect and fix insecure default configurations, missing security headers, exposed debug info, and cloud misconfigurations.

When to Use

• Configuring web servers (Nginx, Apache)
• Setting up cloud resources (AWS, GCP, Azure)
• Deploying applications to production
• Reviewing security headers
• Auditing CORS configuration
• Checking for exposed sensitive endpoints

Common Misconfigurations