Security misconfiguration — saitattun saitunan, abubuwan da ba a canja su, ko saitattun tsarin — shine ɗaya daga cikin mafi yawan rashin lafiyar tsaro (OWASP Top 10 risk). Yana haɗa da abubuwan da aka fallasa, abubuwan da ba a bukatar su, kididdigar bayani masu tsari, da waɗanda ba su da gogewa. Guje ita yana buƙatar saitattun, ƙudɗi sasakke saiti.
Saitattun saitunan da aka saba
✗ INSECURE DEFAULTS left unchanged → default passwords, default accounts, sample content
✗ Unnecessary FEATURES/services/ports enabled → larger attack surface
✗ VERBOSE ERRORS in production → stack traces leaking internal details to attackers
✗ Missing SECURITY HEADERS; misconfigured CORS (allow-all); directory listing enabled
✗ Exposed admin/management interfaces or debug endpoints publicly
✗ Cloud misconfigs → public storage buckets, open databases, over-permissive access
✗ Outdated software / unpatched systems; overly permissive file/access permissions
