Difference between revisions of "Template:OWASP Secure Configuration Guide"

Latest revision as of 09:47, 8 December 2014

Secure Configuration Guide page structure is presented below. Please use the template to make the Guide more clean and unified.

A detailed description of the product (can be taken from the official website)

%ProductName% allows unauthorized attacker to list all users of the system ...

// Detailed description of the impact. Is it enabled by default? Vulnerable versions.

In order to test for %Misconfiguration_1%, one should ...

// Proof-of-concept here. Please include the screenshots and widely known tools/scanners!

Initial/common value of parameter "listUsers" from config.xml is set to "true".

To assess the vulnerability it is enough to change the value to false:

<security>
	<listUsers>false</listUsers>
</security>

...

// please also include links to already existing OWASP pages!

@@ Line 22: / Line 22: @@
 %ProductName% allows unauthorized attacker to list all users of the system ...
-// Detailed description of the impact. Is it enabled by default?
+// Detailed description of the impact. Is it enabled by default? Vulnerable versions.
 ==== How to test ====
@@ Line 28: / Line 28: @@
 In order to test for %Misconfiguration_1%, one should ...
-// Please include the screenshots and widely known tools/scanners!
+// Proof-of-concept here. Please include the screenshots and widely known tools/scanners!
 ==== Remediation ====