🍡[Severity 6] Security Misconfiguration

Notes about Security Misconfiguration.

Security Misconfiguration occurs when security was configured, but not properly.

They can include poorly configured permissions on cloud services such as S3, having unnecessary features enabled like services, pages, or accounts, default accounts with unchanged passwords, error messages that are overly detailed, not using HTTP security headers.

Practical

To hack into the pensive notes web app, I used the hint to start looking for the webapp's source code on GitHub.