Secure Configuration Guide

Welcome on the page of Secure Configuration Guide!

Project description is available here: https://www.owasp.org/index.php/OWASP_Secure_Configuration_Guide

When editing the page, please follow the page structure, described in Template:OWASP Secure Configuration Guide

= Table of Contents =

1. Introduction
1.1. The OWASP Secure Configuration Guide

'''1.2. Misconfiguration. Defender's point'''

'''1.3. Misconfiguration. Attacker's point'''

2. Web servers misconfiguration
2.1. Apache

2.2. IIS

2.3. nginx

2.4. GWS

2.5. IBM HTTP Server

2.6 lighttpd

2.7 New OpenBSD HTTPD Webserver

3. Application servers misconfiguration
3.1. Apache Tomcat

3.2. Borland Enterprise Server

3.3. ColdFusion

3.4. IBM WebSphere Application Server

3.5. JBoss Enterprise Application Platform

3.6. Jetty

3.7. SAP NetWeaver Application Server

3.8. Oracle Application Server

3.9. Oracle WebLogic Server

3.10. Oracle GlassFish Server

4. Web frameworks misconfiguration
4.1. Apache Struts

4.2. ASP.NET

4.3. CakePHP

4.4. CodeIgniter

4.5. Django

4.6. Lithium

4.7. Ruby on Rails

4.8. Spring

4.9. Symfony

4.10. Zend

5. CMS misconfiguration
5.1. Bitrix

5.2. Drupal

5.3. Joomla

5.4. Magento

5.5. OpenCart

5.6. phpBB

5.7. Shopify

5.8. TYPO3

5.9. vBulletin

5.10. Wordpress

6. Crypto misconfiguration
The most comprehensive guide found so far:

https://bettercrypto.org/static/applied-crypto-hardening.pdf

7. Services
7.1. VNC - srsly.de ;)

SSH

RDP

7.2 to be complemented later

8. Devices
8.1. BIG-IP

8.2. Routers

8.3. Firewalls 

8.4. to be complemented later