Test File Extensions Handling for Sensitive Information
OWASP Web Security Testing Guide 4.2 > 2. Configuration and Deploy Management Testing > 2.3. Test File Extensions Handling for Sensitive Information
ID | Link to Hackinglife | Link to OWASP | Description |
---|---|---|---|
2.3 | WSTG-CONF-03 | Test File Extensions Handling for Sensitive Information | - Dirbust sensitive file extensions, or extensions that might contain raw data (e.g. scripts, raw data, credentials, etc.). - Find important files and information (.asa, .inc, .sql, .zip, .tar, .pdf, .txt, etc.). - Validate that no system framework bypasses exist on the rules set. |