Security Misconfiguration

Security misconfiguration is the state of a web application when it's vulnerable to attack due to an insecure configuration. It results primarily from human error, not the technology that the humans installd. Examples include running systems using default pass ors and default configuration files. To reduce the probability of these kinds of errors, follow a zero trust strategy and reduce the attack surface.