Closed jhaddix closed 6 years ago
Hi Jason, thank you very much for your suggestions. The page is already very crowded, but I'll see if I can get some more generalized issues from your list into the security weakness section. Cheers Torsten
I think we've seen mention of AWS misconfiguration of S3 in another issue. Out of the list @jhaddix has, that's the one I think is most important.
We could add some more general examples to the 'security weakness' section (in italic text). I am sorry there seems not to be enough space for all topics: (1) "Security misconfiguration can happen at any level of an application stack, including the , network services, platform, web server, application server, database, frameworks, custom code, and pre-installed virtual machines, containers or storage. Automated scanners are useful for detecting misconfigurations, use of default accounts or configurations, unnecessary services, legacy options etc." OR we can add something like: (2) "All stages of software environments may be affected from development to production."
I'd like to open the discussion: what helps the most? Cheers Torsten
We will do version (1)
Fits also to the comment about T10 in #279. Fixed by the commit above (c8f1b28).
There are a number of very prevalent issues which could loosely be defined under "Security Misconfiguration", is it possible to mention these at least in the description in the PDF?
See this poll:
https://twitter.com/Jhaddix/status/924304015856242688