Difference between revisions of "Template:OWASP Secure Configuration Guide"

From OWASP
(Created page with "<includeonly> <b>This article is part of the OWASP Secure Configuration Guide.</b><br /> Back to the OWASP Secure Configuration Guide ToC: https://www.owasp.org/index.ph...")
 
(How to test)
 
(2 intermediate revisions by the same user not shown)
Line 22: Line 22:
 
%ProductName% allows unauthorized attacker to list all users of the system ...
 
%ProductName% allows unauthorized attacker to list all users of the system ...
  
// Detailed description of the impact.
+
// Detailed description of the impact. Is it enabled by default? Vulnerable versions.
  
 
==== How to test ====
 
==== How to test ====
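Review bot: In the added comment line, "Vulnerable versions." is a bare fragment following a question, so it is unclear what a page author is expected to supply. Suggest phrasing both prompts the same way, for example "Is it enabled by default? Which versions are vulnerable?", so each guide entry records the default state and the affected versions.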
Line 28: Line 28:
 
In order to test for %Misconfiguration_1%, one should ...
 
In order to test for %Misconfiguration_1%, one should ...
  
// Please include the screenshots and widely known tools/scanners!
+
// Proof-of-concept here. Please include the screenshots and widely known tools/scanners!
  
 
==== Remediation ====
 
==== Remediation ====
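Review bot: In the added comment line, "Proof-of-concept here." does not say what form the proof-of-concept should take, and it sits in front of a sentence that already asks for screenshots and tools. Suggest one instruction, such as "Include a proof-of-concept, with screenshots and widely known tools/scanners.", so the How to test section carries a single clear prompt.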

Latest revision as of 09:47, 8 December 2014


The Secure Configuration Guide page structure is presented below. Please use the template to keep the Guide clean and unified.


Summary

A detailed description of the product (can be taken from the official website)

Common Misconfigurations

Misconfiguration 1

Description

%ProductName% allows an unauthorized attacker to list all users of the system ...

// Detailed description of the impact. Is it enabled by default? Which versions are vulnerable?

How to test

In order to test for %Misconfiguration_1%, one should ...

// Proof-of-concept here. Please include screenshots and widely known tools/scanners!

Remediation

The initial/common value of the parameter "listUsers" in config.xml is "true".

To remediate the vulnerability, it is enough to change the value to false:

<security>
	<listUsers>false</listUsers>
</security>

Misconfiguration 2

...


References

http://official.documentation/documentation.pdf

// Please also include links to existing OWASP pages!