Secure Legion Labs
OWASP Top 10
This area covers weak headers, poor defaults, exposed internals, and deployment mistakes that turn operational shortcuts into real attack paths.
Audit a weak response, apply safe browser headers, and harden the baseline before launch.
Use vendor-supplied credentials that were never changed and reach the exposed appliance admin console.
Reach an exposed debug route, trigger verbose mode, and leak production secrets through a trace response.
Enumerate a browsable public directory, pivot into backup storage, and retrieve a sensitive leaked file.