Systematic literature review on security misconfigurations in web applications

Bibliographic details
Published in: International journal of computers & applications 2024-10, Vol.46 (10), p.840-852
Main authors: Martins, Samuel Luna; Cruz, Felipe Mendes da; Araújo, Rogério Pontes de; Silva, Carlo Marcelo Revoredo da
Format: Article
Language: eng
Description
Summary: Security misconfigurations are unintentional errors that can lead to vulnerabilities in applications, compromising an organization's safety. This article aims to provide a comprehensive overview of the defense mechanisms proposed in the literature against security misconfigurations in web applications, while also offering a guide for future investigations to address identified limitations and research questions. To achieve this objective, a Systematic Literature Review (SLR) was carried out. The analysis resulted in the selection of 42 primary studies for analysis and data extraction. In the discussion of this SLR, new open research questions were presented: (i) Is the adoption of intelligent chatbots an effective way to assist in the process of detecting misconfigurations? (ii) Are serious games a promising way to help train the IT team to better deal with the problem of security misconfigurations? (iii) How to identify configuration restrictions and the interdependence between these parameters? (iv) How can continuous monitoring and automated tools be optimized to improve the detection and remediation of security misconfigurations? (v) What organizational policies and cultural practices are most effective in promoting secure configuration management? The presentation of this set of open questions suggests valuable topics and a guide for future investigations.
ISSN: 1206-212X, 1925-7074
DOI: 10.1080/1206212X.2024.2390977