This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Secure Configuration Guide"
(→Acknowledgements) |
(→News and Events) |
||
| (20 intermediate revisions by 4 users not shown) | |||
| Line 11: | Line 11: | ||
There are small unclassified parts of info of configuration issues on OWASP currently; this project is to create unified document of issues and solutions to avoid common misconfigurations in popular frameworks, web servers, network devices and more. | There are small unclassified parts of info of configuration issues on OWASP currently; this project is to create unified document of issues and solutions to avoid common misconfigurations in popular frameworks, web servers, network devices and more. | ||
| + | |||
| + | The latest version of wiki is accessible here: | ||
| + | https://www.owasp.org/index.php/Secure_Configuration_Guide | ||
| Line 34: | Line 37: | ||
| − | == Project | + | == Project Leaders == |
* [mailto:alexander.antukh@owasp.org Alexander Antukh] | * [mailto:alexander.antukh@owasp.org Alexander Antukh] | ||
| + | * [[User:Dvvord|Eduard Kovalets]] | ||
| + | == Presentation == | ||
| + | [https://www.owasp.org/images/9/92/OWASP_Secure_Configuration.pptx Introduction to OWASP Secure Configuration Project.pptx] | ||
| + | == Related Pages == | ||
| − | + | * [https://www.owasp.org/index.php/Secure_Configuration_Guide Table of Contents] | |
| − | + | * [https://www.owasp.org/index.php/Configuration OWASP Development Guide: Chapter on Configuration] | |
| − | * [ | + | * [https://www.owasp.org/index.php/Testing_for_configuration_management OWASP Testing Guide: Configuration Management] |
| − | * [ | + | * [https://www.owasp.org/index.php/Insecure_Configuration_Management Insecure Configuration Management page ] |
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --> | <!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --> | ||
| valign="top" style="padding-left:25px;width:200px;" | | | valign="top" style="padding-left:25px;width:200px;" | | ||
| − | |||
| − | |||
== News and Events == | == News and Events == | ||
| − | + | * [21 April 2016] NginX Secure Configuration updated. Refer to [https://www.owasp.org/index.php/SCG_WS_nginx] | |
| + | * [20 Dec 2014] Mailing list created | ||
| + | * [19 Dec 2014] First article released | ||
* [25 Nov 2014] Project initiated | * [25 Nov 2014] Project initiated | ||
| − | |||
| − | |||
| − | |||
== In Print == | == In Print == | ||
| Line 96: | Line 100: | ||
==Contributors== | ==Contributors== | ||
| − | * [ | + | * [[User:Alexander_Antukh|Alexander Antukh]] |
| − | * | + | * [[User:Dnkolegov|Denis Kolegov]] |
| + | * [[User:Makash|Akash Mahajan]] | ||
| + | * [[User:Anant_Shrivastava|Anant Shrivastava]] | ||
| + | * [[User:Dvvord|Eduard Kovalets]] | ||
| + | * [[User:Nishanthkumarpathi|Nishanth Kumar Pathi]] | ||
| + | |||
We hope you find the information in the OWASP Secure Configuration Guide useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP SCG mailing list. Thanks! | We hope you find the information in the OWASP Secure Configuration Guide useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP SCG mailing list. Thanks! | ||
| Line 121: | Line 130: | ||
__NOTOC__ <headertabs /> | __NOTOC__ <headertabs /> | ||
| − | [[Category:OWASP Project]] [[Category: | + | [[Category:OWASP Project]] [[Category:OWASP_Breakers]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] |
Latest revision as of 14:09, 21 April 2016
|
The OWASP Secure Configuration GuideThere are small unclassified parts of info of configuration issues on OWASP currently; this project is to create unified document of issues and solutions to avoid common misconfigurations in popular frameworks, web servers, network devices and more. The latest version of wiki is accessible here: https://www.owasp.org/index.php/Secure_Configuration_Guide
DescriptionAll of us know such situations when robust and secure solution makes your defense even weaker if misconfigured. Nearly in every penetration testing report exists a chapter "Server/Framework/Service misconfiguration". Whereas using standard up-to-date impenetrable(*) software is certainly a good thing, one should consider proper configuration in order to verify its soundness. This project is useful for both defenders, who can learn the proper way of configuring rapidly growing number of different popular software, and attackers, as a good complement to Testing Guide.
(*) Saying "impenetrable" we mean all public vulnerabilities are patched in the most recent version. 0-days are still a threat but it's a different talk. LicensingThe OWASP Secure Configuration Guide is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. |
Project LeadersPresentationIntroduction to OWASP Secure Configuration Project.pptx
Related Pages
|
News and Events
In PrintThis project can be purchased as a print on demand book from Lulu.com
Classifications
| |||||||
