Security Misconfiguration refers to improper or default security settings in applications, frameworks, web servers, databases, or cloud services. It’s a broad category that includes things like unnecessary features enabled (e.g., debug mode), overly permissive permissions, missing security headers, outdated software, or exposed admin interfaces. These misconfigurations create entry points for attackers to exploit. Causes often include human error, lack of hardening, or poor visibility into deployed environments.
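The classes of misconfiguration listed above can be checked mechanically against a snapshot of a deployment. The following Python audit is an added example, not code from the original page. The snapshot layout, the policy dictionary, the file paths, the `webserver` name and its version numbers are constructed for illustration, and the list of required headers is an assumed policy choice.

```python
import stat

# Assumed policy: response headers every page must carry (compared case-insensitively).
REQUIRED_HEADERS = ("strict-transport-security", "content-security-policy",
                    "x-content-type-options", "x-frame-options")

def parse_version(text):
    # "2.4.10" -> (2, 4, 10): compare numerically, since as strings "2.4.9" > "2.4.10"
    return tuple(int(part) for part in text.split("."))

def audit(snapshot, policy):
    # Returns a sorted list of findings; an empty list means no check failed.
    findings = []
    if snapshot.get("debug"):
        findings.append("debug: debug mode enabled")
    present = {name.lower() for name in snapshot.get("response_headers", {})}
    findings += [f"header: missing {h}" for h in REQUIRED_HEADERS if h not in present]
    for path, mode in snapshot.get("file_modes", {}).items():
        if mode & stat.S_IWOTH:
            findings.append(f"perms: {path} is world-writable ({oct(mode)})")
        elif path in policy["secret_files"] and mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"perms: secret {path} accessible beyond owner ({oct(mode)})")
    for name, version in snapshot.get("software", {}).items():
        minimum = policy["min_versions"].get(name)
        if minimum and parse_version(version) < parse_version(minimum):
            findings.append(f"version: {name} {version} is below policy minimum {minimum}")
    admin = snapshot.get("admin")
    if admin and admin.get("bind") in ("0.0.0.0", "::"):
        findings.append("admin: interface listens on all addresses")
    if admin and not admin.get("auth_required", False):
        findings.append("admin: interface does not require authentication")
    return sorted(findings)

# Constructed sample data (hypothetical names and values): weak vs. hardened snapshot.
POLICY = {"secret_files": {"/etc/app/secrets.env"}, "min_versions": {"webserver": "2.4.10"}}
WEAK = {
    "debug": True,
    "response_headers": {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "file_modes": {"/etc/app/secrets.env": 0o644, "/var/www/uploads": 0o777},
    "software": {"webserver": "2.4.9"},
    "admin": {"bind": "0.0.0.0", "auth_required": False},
}
HARDENED = {
    "debug": False,
    "response_headers": {"Strict-Transport-Security": "max-age=31536000",
                         "Content-Security-Policy": "default-src 'self'",
                         "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY"},
    "file_modes": {"/etc/app/secrets.env": 0o600, "/var/www/uploads": 0o750},
    "software": {"webserver": "2.4.10"},
    "admin": {"bind": "127.0.0.1", "auth_required": True},
}
```

Calling `audit(WEAK, POLICY)` reports one finding per failed check, while `audit(HARDENED, POLICY)` returns an empty list.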