Security Misconfiguration

Security Misconfiguration image
Analogy:
You bought a fancy smart lock… and left the default password as admin123. It’s like building a bank vault and taping the key to the front door.

What’s happening:
This is when your app or system is set up in an insecure way — usually by accident. Default settings, unnecessary services, verbose error messages—config is messy, and attackers love that. It’s not a flaw in the app; it’s a flaw in how the app was set up.

Test Like This:
Check for open ports, directory listings, or debug messages.

Pro tip:
Now every application uses frameworks. Go to the default sensitive pages of that framework. Most developers miss that.
Explore MoT
QA Leadership Summit - The AI-Native Edge: Leading the Future of QA image
QALS Summer 2026: a leadership summit to move beyond AI testing pilots and build production-ready, AI-first QA organizations - powered by the BrowserStack AI Test Platform and 25+ connected AI agents
MoT Software Testing Essentials Certificate image
Boost your career in software testing with the MoT Software Testing Essentials Certificate. Learn essential skills, from basic testing techniques to advanced risk analysis, crafted by industry experts.
Into The Motaverse image
Into the MoTaverse is a podcast by Ministry of Testing, hosted by Rosie Sherry, exploring the people, insights, and systems shaping quality in modern software teams.
Subscribe to our newsletter