SiteShadow
Back to vulnerability library
Detected bySecure-coding-practice checks (SCP)Pro

SCP10 Configuration

What this means

SiteShadow flagged configuration defaults or environment-specific settings that can create security risk (debug features enabled, permissive CORS, weak headers, unsafe deployment flags, overly broad permissions).

Why it matters

Misconfiguration is a common source of security incidents.

Safer examples

1) Use "secure by default" configuration

Disable debug modes, disable directory listings, require auth, and set safe security headers.

2) Make risky settings explicit and environment-scoped

Only allow insecure toggles in local/dev, and make production refuse to start if they're enabled.

3) Automate configuration checks in CI/CD

Validate IaC/K8s/Docker settings and enforce security gates (see CICD01 / K8S01-04).

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.