A5 – Basic security configuration guide
Default configurations of systems, including operating systems and Web servers, are mostly created to demonstrate and highlight their basic or most relevant features, not to be secure or protect them from attacks.
Some common default configurations that may compromise security are the default administrator accounts created when the database, web server, or CMS was installed, the default administration pages, and default error messages that expose stack traces, among many others.
In this recipe, we will cover the fifth most critical vulnerability in the OWASP top 10, Security Misconfiguration.
How to do it...
If possible, delete all the administrative applications such as Joomla's admin, WordPress' admin, PhpMyAdmin, or Tomcat Manager. If that is not possible, make them accessible from the local network only; for example, to deny access from outside networks to PhpMyAdmin in an Apache server, modify the httpd.conf file (or the corresponding site configuration...
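The following Apache 2.4 fragment is an added illustration, not part of the recipe: it shows the typical open default beside a version that only admits the local network. It assumes phpMyAdmin is installed under /usr/share/phpmyadmin and that the trusted LAN is 192.168.1.0/24; both are assumed values to adjust for your environment.

```apache
# Added example (not from the recipe). Apache 2.4 mod_authz_core syntax.
# Assumed values: phpMyAdmin at /usr/share/phpmyadmin, trusted LAN 192.168.1.0/24.

Alias /phpmyadmin /usr/share/phpmyadmin

# Weak default: the administration tool answers to any client on the Internet.
# Shown commented out so this fragment can be loaded as-is.
#<Directory /usr/share/phpmyadmin>
#    Require all granted
#</Directory>

# Hardened: only loopback (Require local) and the internal network may reach it;
# every other source address receives 403 Forbidden.
<Directory /usr/share/phpmyadmin>
    Require local
    Require ip 192.168.1.0/24
</Directory>
```

After reloading Apache, confirm the change by requesting /phpmyadmin from an address outside 192.168.1.0/24 and checking that the server answers 403 rather than the login page. On Apache 2.2 the equivalent is the Order/Allow directive family rather than Require.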