Security Misconfiguration
mediummisconfiguration
Insecure default configurations or incomplete setup creates security vulnerabilities
Information DisclosureElevation of Privilege
MITRE ATT&CK techniques
| ID | Name | Tactic |
|---|---|---|
| T1574 | Hijack Execution Flow | Defense Evasion |
| T1562 | Impair Defenses | Defense Evasion |
Common Weakness Enumeration
Mitigating controls
ctrl-misconf-1- Implement infrastructure as code with security baselines
ctrl-misconf-2- Perform regular security configuration audits
ctrl-misconf-3- Use automated configuration scanning tools
ctrl-misconf-4- Disable unnecessary services and features
ctrl-misconf-5- Follow cloud provider security best practices