This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Secure Configuration Guide"

From OWASP
Jump to: navigation, search
(7. Services)
(2. Web servers misconfiguration)
Line 28: Line 28:
  
 
'''[[SCG_WS_IBM|2.5. IBM HTTP Server]]'''
 
'''[[SCG_WS_IBM|2.5. IBM HTTP Server]]'''
 +
 +
'''[[SCG_WS_LIGHTTPD lighttpd]]'''
 +
 +
'''[[SCG_WS_OPENBSD_HTTPD New OpenBSD HTTPD Webserver]]'''
  
 
== 3. Application servers misconfiguration ==
 
== 3. Application servers misconfiguration ==

Revision as of 13:35, 14 January 2015

Welcome on the page of Secure Configuration Guide!

Project description is available here: https://www.owasp.org/index.php/OWASP_Secure_Configuration_Guide

When editing the page, please follow the page structure, described in Template:OWASP Secure Configuration Guide

Table of Contents

1. Introduction

1.1. The OWASP Secure Configuration Guide

1.2. Misconfiguration. Defender's point

1.3. Misconfiguration. Attacker's point


2. Web servers misconfiguration

2.1. Apache

2.2. IIS

2.3. nginx

2.4. GWS

2.5. IBM HTTP Server

SCG_WS_LIGHTTPD lighttpd

SCG_WS_OPENBSD_HTTPD New OpenBSD HTTPD Webserver

3. Application servers misconfiguration

3.1. Apache Tomcat

3.2. Borland Enterprise Server

3.3. ColdFusion

3.4. IBM WebSphere Application Server

3.5. JBoss Enterprise Application Platform

3.6. Jetty

3.7. SAP NetWeaver Application Server

3.8. Oracle Application Server

3.9. Oracle WebLogic Server

3.10. Oracle GlassFish Server

4. Web frameworks misconfiguration

4.1. Apache Struts

4.2. ASP.NET

4.3. CakePHP

4.4. CodeIgniter

4.5. Django

4.6. Lithium

4.7. Ruby on Rails

4.8. Spring

4.9. Symfony

4.10. Zend

5. CMS misconfiguration

5.1. Bitrix

5.2. Drupal

5.3. Joomla

5.4. Magento

5.5. OpenCart

5.6. phpBB

5.7. Shopify

5.8. TYPO3

5.9. vBulletin

5.10. Wordpress

6. Crypto misconfiguration

6.1 SSL / TLS configuration

6.2 Cryptographic Password storage policy

6.3 to be complemented later

7. Services

7.1. VNC - srsly.de ;)

SSH

RDP

7.2 to be complemented later

8. Devices

8.1. BIG-IP

8.2. Routers

8.3. Firewalls

8.4. to be complemented later