Web Security

Security Misconfiguration

Risk: Improperly configured security settings. Covers default credentials, unnecessary features, and poor configuration management.

Module ID: WEB-CONFIG-01
Lab Type: Hands-on
Level: Beginner+

Overview

Audit configuration, enforce secure defaults, and add protective headers and baseline hardening.

Learning Outcomes

  • Identify and remove insecure defaults
  • Enable essential security headers
  • Harden frameworks and admin surfaces
  • Apply least privilege to services
  • Track drift with configuration-as-code

Hands-on Labs

Harden a sample app and verify the result with scanners and header inspection.

Hardening

Implement secure templates and automated checks in CI.