Subscribe to the CyberThreatPOV Podcast

Episode 183: OWASP Top 10 Part 2 – Security Misconfigurations That Get You Hacked

In this episode of The Cyber Threat Perspective, we continue our breakdown of the OWASP Top 10 by focusing on security misconfigurations. Learn why these vulnerabilities are common, how they happen, and what you can do to avoid them in your own web applications.

  • What the OWASP Top 10 is and why security misconfiguration is often misunderstood
  • Real-world examples of misconfigurations, from open S3 buckets to hardcoded credentials
  • The two main causes: convenience (“laziness”) vs. not knowing (“ignorance”)
  • Why verbose error messages and default settings can expose your organization
  • Practical steps and resources for locking down your web application’s architecture securely

Resources mentioned:

Need a web application pen test? Reach out: Offensive Security – SecurIT360

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov

Follow Spencer on social ⬇
Spencer’s Links: https://spenceralessi.com

Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.