Top 10 2010-A6-Security Misconfiguration


 * OWASP Development Guide: Chapter on Configuration
 * OWASP Code Review Guide: Chapter on Error Handling
 * OWASP Testing Guide: Configuration Management
 * OWASP Testing Guide: Testing for Error Codes
 * OWASP Top 10 2004 - Insecure Configuration Management

For additional requirements in this area, see the ASVS requirements area for Security Configuration (V12)


 * PC Magazine Article on Web Server Hardening
 * CWE Entry 2 on Environmental Security Flaws
 * CIS Security Configuration Guides/Benchmarks