min read

Directory Browsing

It is possible to view a listing of the directory contents.

Summary

It is possible to view a listing of the directory contents. Directory listings may reveal hidden scripts, include files, backup source files, etc., which be accessed to reveal sensitive information.

Solution

Configure the webserver to disable directory browsing.

References

https://www.zaproxy.org/docs/alerts/10033/
https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html
https://owasp.org/Top10/A05_2021-Security_Misconfiguration/
https://cwe.mitre.org/data/definitions/548.html

Managed Cybersecurity Services tailored to your Startup

We make your startup secure and compliant by implementing and managing the security controls your customers deserve.

Latest Articles

View All Articles

Plan Your Security Roadmap

Check out how other startups become secure and compliant.

Mitigations

min read

Server Leaks Information via 'X-Powered-By' HTTP Response Header Field(s)

The web/application server is leaking information via one or more “X-Powered-By” HTTP response headers.

Vulnerabilities

min read

Strict-Transport-Security Header

HTTP Strict Transport Security (HSTS).

Vulnerabilities

min read