shellsharks, A quick-look at a not-so-talked-about type of security assessment, the "Secure Configuration Review”. Here I introduce a quick methodology for conducting this sort of review and provide examples of configs/settings you might typically evaluate during the assessment. Consider using this assessment type in the context of triaging OWASP Top 10 "Security Misconfiguration" or CWE-16-type flaws.