Development configuration files

Description

Kayran managed to locate configuration files.

Bussines Impact

These files may disclose sensitive information. This information can be used and assist in launching targeted attacks.

Recommendation

Remove or deny access to all configuration files that are accessible from the internet.

More Details

Attackers can find unreferenced or forgotten files that can be used to obtain important information about the infrastructure or the credentials.

Reference

https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information

Man-In-The-Middle Attacks

Do you know these people who just push themselves into conversations?That’s Man-In-The-Middle Attacks. And from a wider angle, Man-In-The-Middle Attacks, or MITM, are built around

Read More »