Security Misconfigurations

Distinct as these can occur when security could've been configured properly but was not.

These include:

• Poorly configured permissions on cloud services like S3 buckets
• Unnecessary enabled features like services, pages, accounts or privileges
• Default accounts with unchanged passwords
• Error messages that're overly detailed and become info disclosure vulns
• Not using HTTP security headers or revealing too much information through them