
Difference between revisions of "Secure Configuration Guide"

m
(Updated table of contents)
Line 12: Line 12:
 
'''1.2. Misconfiguration. Defender's point'''
 
'''1.2. Misconfiguration. Defender's point'''
  
'''1.3. Misconfiguration. Attacker's point"
+
'''1.3. Misconfiguration. Attacker's point'''
  
== 2. Common misconfigurations ==
 
'''2.1. Servers'''
 
  
'''2.2. Web frameworks'''
+
== 2. Web servers misconfiguration ==
  
'''2.3. Crypto'''
+
'''2.1. Apache'''
  
'''2.4. Services'''
+
'''2.2. IIS'''
  
'''2.5. Devices'''
+
'''2.3. nginx'''
 +
 
 +
'''2.4. GWS'''
 +
 
 +
'''2.5. IBM HTTP Server'''
 +
 
 +
 
 +
== 3. Application servers misconfiguration ==
 +
 
 +
'''3.1. Apache Tomcat'''
 +
 
 +
'''3.2. Borland Enterprise Server'''
 +
 
 +
'''3.3. ColdFusion'''
 +
 
 +
'''3.4. IBM WebSphere Application Server'''
 +
 
 +
'''3.5. JBoss Enterprise Application Platform'''
 +
 
 +
'''3.6. Jetty'''
 +
 
 +
'''3.7. SAP NetWeaver Application Server'''
 +
 
 +
'''3.8. Oracle Application Server'''
 +
 
 +
'''3.9. Oracle WebLogic Server'''
 +
 
 +
'''3.10. Oracle GlassFish Server'''
 +
 
 +
 
 +
== 4. Web frameworks misconfiguration ==
 +
 
 +
'''4.1. Apache Struts'''
 +
 
 +
'''4.2. ASP.NET '''
 +
 
 +
'''4.3. CakePHP'''
 +
 
 +
'''4.4. CodeIgniter'''
 +
 
 +
'''4.5. Django'''
 +
 
 +
'''4.6. Lithium'''
 +
 
 +
'''4.7. Ruby on Rails'''
 +
 
 +
'''4.8. Spring'''
 +
 
 +
'''4.9. Symfony'''
 +
 
 +
'''4.10. Zend'''
 +
 
 +
 
 +
== 5. CMS misconfiguration ==
 +
 
 +
'''5.1. Bitrix'''
 +
 
 +
'''5.2. Drupal'''
 +
 
 +
'''5.3. Joomla'''
 +
 
 +
'''5.4. Magento'''
 +
 
 +
'''5.5. OpenCart'''
 +
 
 +
'''5.6. phpBB'''
 +
 
 +
'''5.7. Shopify'''
 +
 
 +
'''5.8. TYPO3'''
 +
 
 +
'''5.9. vBulletin'''
 +
 
 +
'''5.10. Wordpress'''
 +
 
 +
 
 +
== 6. Crypto misconfiguration  ==
 +
 
 +
'''6.1 to be complemented later'''
 +
 
 +
 
 +
== 7. Services ==
 +
 
 +
'''7.1 to be complemented later'''
 +
 
 +
 
 +
== 8. Devices ==
 +
 
 +
'''8.1. Routers'''
 +
 
 +
'''8.2. Firewalls '''
 +
 
 +
'''8.3. to be complemented later'''
  
  
  
 
[[Category:OWASP Project]]  [[Category:OWASP_Breakers]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]
 
[[Category:OWASP Project]]  [[Category:OWASP_Breakers]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]
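
Review bot: The added placeholder entries "6.1 to be complemented later" and "7.1 to be complemented later" omit the period after the section number that every other entry uses, including "8.3. to be complemented later"; suggest "6.1." and "7.1." for consistency. The new headings for sections 7 and 8 ("Services", "Devices") also drop the "misconfiguration" suffix that sections 2 through 6 carry, so either add it or note why these differ. In 5.10, "Wordpress" should be spelled "WordPress", and the stray trailing spaces inside the bold markup of "4.2. ASP.NET " and "8.2. Firewalls " and the double space before "==" in the section 6 heading can be trimmed.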

Revision as of 19:51, 1 December 2014

Welcome to the Secure Configuration Guide page!

Project description is available here: https://www.owasp.org/index.php/OWASP_Secure_Configuration_Guide


Table of Contents

1. Introduction

1.1. The OWASP Secure Configuration Guide

1.2. Misconfiguration. Defender's point

1.3. Misconfiguration. Attacker's point


2. Web servers misconfiguration

2.1. Apache

2.2. IIS

2.3. nginx

2.4. GWS

2.5. IBM HTTP Server


3. Application servers misconfiguration

3.1. Apache Tomcat

3.2. Borland Enterprise Server

3.3. ColdFusion

3.4. IBM WebSphere Application Server

3.5. JBoss Enterprise Application Platform

3.6. Jetty

3.7. SAP NetWeaver Application Server

3.8. Oracle Application Server

3.9. Oracle WebLogic Server

3.10. Oracle GlassFish Server


4. Web frameworks misconfiguration

4.1. Apache Struts

4.2. ASP.NET

4.3. CakePHP

4.4. CodeIgniter

4.5. Django

4.6. Lithium

4.7. Ruby on Rails

4.8. Spring

4.9. Symfony

4.10. Zend


5. CMS misconfiguration

5.1. Bitrix

5.2. Drupal

5.3. Joomla

5.4. Magento

5.5. OpenCart

5.6. phpBB

5.7. Shopify

5.8. TYPO3

5.9. vBulletin

5.10. WordPress


6. Crypto misconfiguration

6.1. to be completed later


7. Services

7.1. to be completed later


8. Devices

8.1. Routers

8.2. Firewalls

8.3. to be completed later