Insecure Configuration

Why is this important?

PHP mostly adheres to secure defaults, but there are ways to introduce configuration issues.

Check out this video for a high-level explanation:

Fixing Insecure Configuration

Option B: Remove phpinfo()

1. Go through the issues that GuardRails identified in the PR.
2. Remove the code that has this pattern:

  phpinfo();

3. Test it
4. Ship it 🚢 and relax 🌴

More information:

• OWASP Top 10 - A6 Security Misconfiguration