This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Secure Configuration Guide

From OWASP
Revision as of 12:38, 24 May 2015 by Alexander Antukh (talk | contribs) (current status)


Welcome to the page of the Secure Configuration Guide!

Project description is available here: https://www.owasp.org/index.php/OWASP_Secure_Configuration_Guide

When editing the page, please follow the page structure described in Template:OWASP Secure Configuration Guide

Table of Contents

1. Introduction

1.1. The OWASP Secure Configuration Guide

1.2. Misconfiguration. Defender's point

1.3. Misconfiguration. Attacker's point


2. Web servers misconfiguration

2.1. Apache - started

2.2. IIS - started

2.3. nginx - started

2.4. GWS - NOT STARTED

2.5. IBM HTTP Server - started

2.6. lighttpd - NOT STARTED

2.7. New OpenBSD HTTPD Webserver - started

3. Application servers misconfiguration

3.1. Apache Tomcat - NOT STARTED

3.2. Borland Enterprise Server - NOT STARTED

3.3. ColdFusion - NOT STARTED

3.4. IBM WebSphere Application Server - NOT STARTED

3.5. JBoss Enterprise Application Platform - NOT STARTED

3.6. Jetty - NOT STARTED

3.7. SAP NetWeaver Application Server - NOT STARTED

3.8. Oracle Application Server - NOT STARTED

3.9. Oracle WebLogic Server - NOT STARTED

3.10. Oracle GlassFish Server - NOT STARTED

4. Web frameworks misconfiguration

4.1. Apache Struts - NOT STARTED

4.2. ASP.NET - completed, needs to be reviewed

4.3. CakePHP - NOT STARTED

4.4. CodeIgniter - NOT STARTED

4.5. Django - started

4.6. Lithium - NOT STARTED

4.7. Ruby on Rails - NOT STARTED

4.8. Spring - NOT STARTED

4.9. Symfony - NOT STARTED

4.10. Zend - NOT STARTED

5. CMS misconfiguration

5.1. Bitrix - NOT STARTED

5.2. Drupal - started

5.3. Joomla - started

5.4. Magento - NOT STARTED

5.5. OpenCart - NOT STARTED

5.6. phpBB - NOT STARTED

5.7. Shopify - NOT STARTED

5.8. TYPO3 - NOT STARTED

5.9. vBulletin - NOT STARTED

5.10. WordPress - started

6. Crypto misconfiguration

Hardening


Testing Crypto Config

7. Services

7.1. VNC - srsly.de ;)

SSH

RDP

7.2. to be complemented later

8. Devices

8.1. BIG-IP - completed, to be reviewed

8.2. Routers - create list!

8.3. Firewalls - create list!

8.4. to be complemented later