Secure Configuration Guide

Welcome to the Secure Configuration Guide page!

The project description is available here: https://www.owasp.org/index.php/OWASP_Secure_Configuration_Guide

When editing the page, please follow the page structure described in Template:OWASP Secure Configuration Guide

= Table of Contents =

1. Introduction
1.1. The OWASP Secure Configuration Guide

'''1.2. Misconfiguration. Defender's point'''

'''1.3. Misconfiguration. Attacker's point'''

2. Web servers misconfiguration
2.1. Apache - started

2.2. IIS - started

2.3. nginx - started

2.4. GWS - NOT STARTED

2.5. IBM HTTP Server - started

2.6. lighttpd - NOT STARTED

2.7. New OpenBSD HTTPD Webserver - started

3. Application servers misconfiguration
3.1. Apache Tomcat - NOT STARTED

3.2. Borland Enterprise Server - NOT STARTED

3.3. ColdFusion - NOT STARTED

3.4. IBM WebSphere Application Server - NOT STARTED

3.5. JBoss Enterprise Application Platform - NOT STARTED

3.6. Jetty - NOT STARTED

3.7. SAP NetWeaver Application Server - NOT STARTED

3.8. Oracle Application Server - NOT STARTED

3.9. Oracle WebLogic Server - NOT STARTED

3.10. Oracle GlassFish Server - NOT STARTED

4. Web frameworks misconfiguration
4.1. Apache Struts - NOT STARTED

4.2. ASP.NET - completed, needs to be reviewed

4.3. CakePHP - NOT STARTED

4.4. CodeIgniter - NOT STARTED

4.5. Django - started

4.6. Lithium - NOT STARTED

4.7. Ruby on Rails - NOT STARTED

4.8. Spring - NOT STARTED

4.9. Symfony - NOT STARTED

4.10. Zend - NOT STARTED

5. CMS misconfiguration
5.1. Bitrix - NOT STARTED

5.2. Drupal - started

5.3. Joomla - started

5.4. Magento - NOT STARTED

5.5. OpenCart - NOT STARTED

5.6. phpBB - NOT STARTED

5.7. Shopify - NOT STARTED

5.8. TYPO3 - NOT STARTED

5.9. vBulletin - NOT STARTED

5.10. WordPress - started

6. Crypto misconfiguration
Hardening
 * Applied Crypto Hardening General Hardening

Testing Crypto Config
 * Testing for SSL-TLS OWASP-CM-001
 * Digicert Testing Suite
 * SSL Labs SSL Test

7. Services
7.1. VNC - srsly.de ;)

SSH

RDP

7.2. to be complemented later

8. Devices
8.1. BIG-IP - completed, to be reviewed

8.2. Routers - create list!

8.3. Firewalls - create list!

8.4. to be complemented later