OWASP Periodic Table of Vulnerabilities - Directory Indexing
Revision as of 02:51, 14 May 2013 by Peter Mosmans
Root Cause Summary
A misconfigured server can show a directory listing, which could potentially yield sensitive information to an attacker.
Browser / Standards Solution
- Disable directory listings in the web- or application-server configuration by default.
- Restrict access to unnecessary directories and files.
- Create an index (default) file for each directory.
Generic Framework Solution
Custom Framework Solution
Custom Code Solution
Discussion / Controversy