Misconfigurations on the web server can create vulnerabilities that can allow an attacker to gain unauthorized access to default user accounts, access hidden pages and directories, perform exploitation on any unpatched flaws, and perform read/write actions on insecure directories and files on the server.

Security misconfigurations are not specific to any level of the web application, but can affect any level of the web server and application, such as the operating system (Windows or Linux), the web server platform (Apache, IIS, and Nginx), framework (Django, Angular, Drupal, and so on), and even custom code hosted on the server.

In the following section, we will discuss various vulnerable components that are found on web servers and platforms.