# A05 - Security Misconfiguration

## Description

Security misconfiguration is the most commonly seen issue. This is commonly a result of insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information.

## Common Vulnerabilities

- Default credentials
- Unnecessary features enabled
- Missing security headers
- Verbose error messages
- Outdated software
- Directory listing enabled

## Testing Approach

Check for default configurations, analyze HTTP headers, test for information disclosure, and verify security settings.
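
The header and information-disclosure checks from the testing approach can be run against a captured response from your own application. This is an added example, not code from the original page; the required-header baseline, the regex patterns and both sample responses are assumptions constructed for illustration.

```python
import re
from email.parser import Parser

# Assumed baseline of security headers; adjust to the application's policy.
REQUIRED_HEADERS = ("Strict-Transport-Security", "Content-Security-Policy",
                    "X-Content-Type-Options", "X-Frame-Options")
# Body patterns that suggest stack traces, SQL errors or auto-generated listings.
BODY_CHECKS = {
    "verbose-error": re.compile(
        r"Traceback \(most recent call last\)|SQLSTATE\[|\bat [\w.$]+\([\w.]+:\d+\)"),
    "directory-listing": re.compile(r"<title>Index of /", re.I),
}
VERSION_BANNER = re.compile(r"/\d+(\.\d+)+")  # e.g. "Product/1.2.3"

# Constructed sample responses (not captured from any real system).
WEAK = (
    "HTTP/1.1 500 Internal Server Error\n"
    "Server: Apache/2.4.1\n"
    "X-Powered-By: PHP/5.6.40\n"
    "Content-Type: text/html\n"
    "\n"
    "<b>Fatal error</b>: SQLSTATE[42S02]: Base table or view not found"
)
HARDENED = (
    "HTTP/1.1 500 Internal Server Error\n"
    "Strict-Transport-Security: max-age=31536000\n"
    "Content-Security-Policy: default-src 'self'\n"
    "X-Content-Type-Options: nosniff\n"
    "X-Frame-Options: DENY\n"
    "Content-Type: text/html\n"
    "\n"
    "<p>Something went wrong. Reference: 7f3a</p>"
)


def audit_response(raw: str) -> list[str]:
    """Return sorted misconfiguration findings for one raw HTTP response."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    _status, _, header_block = head.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    # Header name lookup on the parsed message is case-insensitive.
    findings = [f"missing-header:{h}" for h in REQUIRED_HEADERS if h not in headers]
    for name in ("Server", "X-Powered-By"):
        value = headers.get(name, "")
        if VERSION_BANNER.search(value):  # version banners aid fingerprinting
            findings.append(f"version-disclosure:{name}={value}")
    findings += [label for label, rx in BODY_CHECKS.items() if rx.search(body)]
    return sorted(findings)
```

An empty list for `HARDENED` and seven findings for `WEAK` show the same status code served with and without the misconfigurations listed above.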