
Template:OWASP Secure Configuration Guide

Revision as of 08:58, 4 December 2014 by Alexander Antukh (Created page with "<includeonly> <b>This article is part of the OWASP Secure Configuration Guide.</b><br /> Back to the OWASP Secure Configuration Guide ToC:")


The page structure for the Secure Configuration Guide is presented below. Please use this template to keep the Guide clean and unified.


A detailed description of the product (can be taken from the official website)

Common Misconfigurations

Misconfiguration 1


%ProductName% allows an unauthorized attacker to list all users of the system ...

// Detailed description of the impact.

How to test

In order to test for %Misconfiguration_1%, one should ...

// Please include the screenshots and widely known tools/scanners!


The initial/common value of the parameter "listUsers" in config.xml is "true".

To address the vulnerability, it is enough to change the value to "false":


Misconfiguration 2




// Please also include links to already existing OWASP pages!