Previous...

Sorry about any english errors, I'm practicing and learning english.

What is Security Misconfiguration?

A security misconfiguration is a vulnerability that explore the bad configuration in application. This can be included:

• Apps with default credentials
• Bad configuration on the server like S3 bucket.
• Error messages that allow the attacker explore more about the system.
• IoT devices with default passowords.

Generally this vulnerability allow the attacker lead to more vulnerabilities like data explosure, XXE Attacks, RCE and others.

Where to find labs to practice?

Labs to practice can be find on some platforms like Try Hack Me and another alternative is practice yourself devices that have default credentials with this your leave more security the house devices and avoid the external attacks while are praticing.